Windows Analysis Report
SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe

Overview

General Information

Sample name:SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
Analysis ID:1429025
MD5:85dba8fcede6c7f667101c4e4b392584
SHA1:8d13880f72226f88a3e1a6c332ac56f17af26bb9
SHA256:e25ef3370ff45d829134df08ca5db504716361caeda31a1ae55efe3a1be5f9b6
Tags:exe
Infos:

Detection

Score:69
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:48
Range:0 - 100

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Deletes keys which are related to windows safe boot (disables safe mode boot)
Enables network access during safeboot for specific services
Installs a global keyboard hook
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Writes a notice file (html or txt) to demand a ransom
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
EXE planting / hijacking vulnerabilities found
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Installs a global mouse hook
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Execution of Suspicious File Type Extension
Uses a known web browser user agent for HTTP communication
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe (PID: 6176 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe" MD5: 85DBA8FCEDE6C7F667101C4E4B392584)
    • unpack200.exe (PID: 7236 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\crs-agent.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\crs-agent.jar" MD5: FFAE954C09033DF1EBCD4FE056B183F2)
    • unpack200.exe (PID: 7256 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\charsets.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\charsets.jar" MD5: FFAE954C09033DF1EBCD4FE056B183F2)
    • unpack200.exe (PID: 7280 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\jsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\jsse.jar" MD5: FFAE954C09033DF1EBCD4FE056B183F2)
    • unpack200.exe (PID: 7296 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\jaccess.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\jaccess.jar" MD5: FFAE954C09033DF1EBCD4FE056B183F2)
    • unpack200.exe (PID: 7316 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\sunpkcs11.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\sunpkcs11.jar" MD5: FFAE954C09033DF1EBCD4FE056B183F2)
    • unpack200.exe (PID: 7564 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\openjsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\openjsse.jar" MD5: FFAE954C09033DF1EBCD4FE056B183F2)
    • unpack200.exe (PID: 7672 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\legacy8ujsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\legacy8ujsse.jar" MD5: FFAE954C09033DF1EBCD4FE056B183F2)
    • unpack200.exe (PID: 7716 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\cldrdata.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\cldrdata.jar" MD5: FFAE954C09033DF1EBCD4FE056B183F2)
    • unpack200.exe (PID: 7784 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\access-bridge-64.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\access-bridge-64.jar" MD5: FFAE954C09033DF1EBCD4FE056B183F2)
    • unpack200.exe (PID: 7832 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\sunmscapi.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\sunmscapi.jar" MD5: FFAE954C09033DF1EBCD4FE056B183F2)
    • unpack200.exe (PID: 7880 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\rt.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\rt.jar" MD5: FFAE954C09033DF1EBCD4FE056B183F2)
    • windowslauncher.exe (PID: 7976 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe" "-Xshare:dump" MD5: 58AF839323322202948776B70447BECD)
    • unpack200.exe (PID: 8016 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\customer-jar-with-dependencies.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\customer-jar-with-dependencies.jar" MD5: FFAE954C09033DF1EBCD4FE056B183F2)
    • Remote Support.exe (PID: 7188 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx512m -Xms5m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dsun.java2d.dpiaware=true -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 -Dsun.awt.fontconfig=fontconfig.properties jwrapper.JWrapper "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\unrestricted\JWLaunchProperties-1713584048640-1" MD5: 58AF839323322202948776B70447BECD)
      • icacls.exe (PID: 4180 cmdline: icacls "C:\ProgramData\SimpleHelp" /t /c /grant *S-1-1-0:(OI)(CI)F MD5: 48C87E3B3003A2413D6399EA77707F5D)
        • conhost.exe (PID: 2312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • icacls.exe (PID: 7476 cmdline: icacls "C:\ProgramData\SimpleHelp\ElevateSH" /t /c /grant *S-1-5-32-545:(OI)(CI)F MD5: 48C87E3B3003A2413D6399EA77707F5D)
        • conhost.exe (PID: 7468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • icacls.exe (PID: 7500 cmdline: icacls "C:\ProgramData\SimpleHelp\ElevateSH\*.*" /t /c /grant *S-1-1-0:(OI)(CI)F MD5: 48C87E3B3003A2413D6399EA77707F5D)
        • conhost.exe (PID: 7364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • elev_win.exe (PID: 5756 cmdline: C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe -install C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5018212369185496700.service MD5: 01DEEF7F533173DA5E2B26B00AFDE108)
        • elev_win.exe (PID: 7640 cmdline: "C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe" "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" "-install" "C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5018212369185496700.service" MD5: 01DEEF7F533173DA5E2B26B00AFDE108)
          • SimpleService.exe (PID: 7620 cmdline: "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" "-install" "C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5018212369185496700.service" MD5: 871F2AE119AC463E75BBEABC1E925AA9)
  • SimpleService.exe (PID: 5288 cmdline: "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" MD5: 871F2AE119AC463E75BBEABC1E925AA9)
    • session_win.exe (PID: 3468 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\session_win.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\windowslauncher.exe" "-cp" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" "-Xmx128m" "-Xms5m" "-Dsun.java2d.dpiaware=true" "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" "com.aem.sdesktop.util.MouseMover" "127.0.0.1" "49745" "127.0.0.1" "49746" "elevated" MD5: E6D42C11F69732831860A5EEEFD510A1)
      • windowslauncher.exe (PID: 404 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\windowslauncher.exe" "-cp" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" "-Xmx128m" "-Xms5m" "-Dsun.java2d.dpiaware=true" "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" "com.aem.sdesktop.util.MouseMover" "127.0.0.1" "49745" "127.0.0.1" "49746" "elevated" MD5: 58AF839323322202948776B70447BECD)
        • Session Elevation Helper (PID: 1144 cmdline: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49749 127.0.0.1 49750 elevated_backup MD5: 58AF839323322202948776B70447BECD)
    • SimpleService.exe (PID: 3192 cmdline: "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" -uninstallbyname ShTemporaryService53942608 MD5: 871F2AE119AC463E75BBEABC1E925AA9)
  • cleanup
No configs have been found
No yara matches
Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49749 127.0.0.1 49750 elevated_backup, CommandLine: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49749 127.0.0.1 49750 elevated_backup, CommandLine|base64offset|contains: Wj, Image: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper, NewProcessName: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper, OriginalFileName: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper, ParentCommandLine: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\windowslauncher.exe" "-cp" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" "-Xmx128m" "-Xms5m" "-Dsun.java2d.dpiaware=true" "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote 
Support\JWrapper-Remote Support-00102236241-complete" "com.aem.sdesktop.util.MouseMover" "127.0.0.1" "49745" "127.0.0.1" "49746" "elevated" , ParentImage: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe, ParentProcessId: 404, ParentProcessName: windowslauncher.exe, ProcessCommandLine: "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49749 127.0.0.1 49750 elevated_backup, ProcessId: 1144, ProcessName: Session Elevation Helper
Timestamp:04/20/24-05:32:04.140813
SID:2049863
Source Port:49735
Destination Port:80
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:04/20/24-05:32:04.278483
SID:2049863
Source Port:49734
Destination Port:80
Protocol:TCP
Classtype:A Network Trojan was detected

AV Detection

Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\Remote SupportWinLauncher.exeVirustotal: Detection: 11%
Source: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeReversingLabs: Detection: 15%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\elev_win.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exeEXE: icacls.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\java.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\winpty-agent.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\Remote SupportWinLauncher.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\session_win.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\pack200.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\javaw.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\winpty-agent64.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\simplehelper64.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\SimpleService.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\cadasuser.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\simplehelper.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\java-rmi.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jjs.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\shcad.exeJump to behavior

Compliance

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\elev_win.exeJump to behavior
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exeEXE: icacls.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\java.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\winpty-agent.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\Remote SupportWinLauncher.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\session_win.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\pack200.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\javaw.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\winpty-agent64.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\simplehelper64.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\SimpleService.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\cadasuser.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\simplehelper.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\java-rmi.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jjs.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeEXE: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\shcad.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\readme.txtJump to behavior
Source: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeStatic PE information: certificate valid
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile opened: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\MSVCR100.dllJump to behavior
Source: Binary string: msvcr100.amd64.pdb source: unpack200.exe, 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp, unpack200.exe, 00000002.00000002.1762948414.00000000666D1000.00000002.00000001.01000000.00000009.sdmp, unpack200.exe, 00000003.00000002.1768255152.00000000666D1000.00000002.00000001.01000000.00000009.sdmp, unpack200.exe, 00000004.00000002.1782178479.00000000666D1000.00000002.00000001.01000000.00000009.sdmp, unpack200.exe, 00000005.00000002.1871527860.00000000666D1000.00000002.00000001.01000000.00000009.sdmp, unpack200.exe, 00000007.00000002.1930861381.00000000666D1000.00000002.00000001.01000000.00000009.sdmp, unpack200.exe, 0000000A.00000002.1990708269.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win64\release\jdk\objs\unpackexe\unpack200.pdb source: unpack200.exe, 00000001.00000002.1746959488.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000002.00000002.1763245698.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000003.00000000.1763852294.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000004.00000000.1768887134.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000005.00000002.1871949632.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000007.00000002.1931438331.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 0000000A.00000002.1991124687.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeCode function: 1_2_666644A8 _errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,SetErrorMode,1_2_666644A8
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeCode function: 1_2_666663E4 __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExA,_errno,_errno,_errno,_errno,_errno,GetDriveTypeA,free,free,_wsopen_s,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,1_2_666663E4
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeCode function: 1_2_666683E8 __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExW,_errno,_errno,_errno,_errno,_errno,IsRootUNCName,GetDriveTypeW,free,free,_errno,__doserrno,_wsopen_s,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,1_2_666683E8
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeCode function: 1_2_666623A0 FindClose,FindFirstFileExA,FindNextFileA,FindClose,1_2_666623A0
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeCode function: 1_2_66665EE8 __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExA,_errno,_errno,_errno,_errno,_errno,GetDriveTypeA,free,free,_errno,__doserrno,_wsopen_s,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,1_2_66665EE8
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeCode function: 1_2_66663F10 _errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,1_2_66663F10
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeCode function: 1_2_66667F84 __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExW,_errno,_errno,_errno,_errno,_errno,IsRootUNCName,GetDriveTypeW,free,free,_wsopen_s,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,1_2_66667F84
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeCode function: 1_2_66662C0C FindClose,FindFirstFileExW,FindNextFileW,FindClose,1_2_66662C0C
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeCode function: 1_2_66666DDC __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExA,_errno,_errno,_errno,_errno,_errno,GetDriveTypeA,free,free,_wsopen_s,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,1_2_66666DDC
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: 1_2_66667B1C __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExW,_errno,_errno,_errno,_errno,_errno,IsRootUNCName,GetDriveTypeW,free,free,_errno,__doserrno,_wsopen_s,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: 1_2_6666885C __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExW,_errno,_errno,_errno,_errno,_errno,IsRootUNCName,GetDriveTypeW,free,free,_wsopen_s,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: 1_2_666668D8 __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExA,_errno,_errno,_errno,_errno,_errno,GetDriveTypeA,free,free,_errno,__doserrno,_wsopen_s,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: 1_2_666649E4 _errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe Code function: 15_2_00402DE0 FindFirstFileA,GetLastError,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe File opened: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe File opened: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\lib\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe File opened: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe File opened: C:\Users\user\AppData\Roaming\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe File opened: C:\Users\user\
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe Code function: 4x nop then movzx r9d, byte ptr [rdi] 15_2_00404D10
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe Code function: 4x nop then mov r8, rdi 15_2_004095E0
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe Code function: 4x nop then mov r8d, ebx 15_2_00412980
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe Code function: 4x nop then movzx eax, byte ptr [rcx+rdx] 15_2_0040A7C0
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe Code function: 4x nop then lea rbx, qword ptr [rsp+70h] 15_2_00409780

Networking

Source: Traffic Snort IDS: 2049863 ET TROJAN SimpleHelp Remote Access Software Activity 192.168.2.4:49734 -> 139.64.137.101:80
Source: Traffic Snort IDS: 2049863 ET TROJAN SimpleHelp Remote Access Software Activity 192.168.2.4:49735 -> 139.64.137.101:80
Source: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe Registry value created: NULL Service
Source: Joe Sandbox View ASN Name: EXPOHLUS EXPOHLUS
Source: global traffic HTTP traffic detected: GET /customer/JWrapper-Remote%20Support-version.txt HTTP/1.1 User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36 Host: help.alphetacs.com Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /customer/JWrapper-JWrapper-version.txt HTTP/1.1 User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36 Host: help.alphetacs.com Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /server_side_parameters HTTP/1.1 Cache-Control: no-cache Pragma: no-cache User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36 Host: help.alphetacs.com Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /translations_user/en.txt HTTP/1.1 Cache-Control: no-cache Pragma: no-cache User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36 Host: help.alphetacs.com Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /branding/brandingfiles?a=3 HTTP/1.1 Cache-Control: no-cache Pragma: no-cache User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36 Host: help.alphetacs.com Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /branding/applet_splash.png?a=3 HTTP/1.1 Cache-Control: no-cache Pragma: no-cache User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36 Host: help.alphetacs.com Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /branding/branding.properties?a=3 HTTP/1.1 Cache-Control: no-cache Pragma: no-cache User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36 Host: help.alphetacs.com Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /simplehelpdisclaimer.txt?language=en HTTP/1.1 Cache-Control: no-cache Pragma: no-cache User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36 Host: help.alphetacs.com Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /simplehelpdetails.txt HTTP/1.1 Cache-Control: no-cache Pragma: no-cache User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36 Host: help.alphetacs.com Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /customer/JWrapper-Windows64JRE-version.txt?time=4186938694 HTTP/1.1 User-Agent: JWrapperDownloader Host: help.alphetacs.com Connection: Keep-Alive
Source: unknown DNS traffic detected: queries for: help.alphetacs.com
Source: unpack200.exe, 00000007.00000003.1923095182.00000000008D1000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 00000007.00000003.1922766281.00000000008D1000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 0000000A.00000003.1935839174.0000000000CDC000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 0000000A.00000003.1986752481.0000000000ACE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/papalukas
Source: unpack200.exe, 00000001.00000003.1744176501.0000000000E5E000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 00000001.00000003.1744014977.0000000000E51000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://maven.apache.org/xsd/maven-4.0.0.xsd
Source: unpack200.exe, 00000007.00000003.1923095182.00000000008D1000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 00000007.00000003.1922766281.00000000008D1000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 0000000A.00000003.1935839174.0000000000CDC000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 0000000A.00000003.1986752481.0000000000ACE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://openjdk.java.net/legal/gplv2
Source: unpack200.exe, 00000007.00000003.1923095182.00000000008D1000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 00000007.00000003.1922766281.00000000008D1000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 0000000A.00000003.1935839174.0000000000CDC000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 0000000A.00000003.1986752481.0000000000ACE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://opensource.org/licenses/BSD-2-Clause
Source: unpack200.exe, 00000007.00000003.1923095182.00000000008D1000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 00000007.00000003.1924258092.00000000001E9000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 00000007.00000003.1875254613.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 00000007.00000003.1923250678.00000000001E5000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 00000007.00000003.1922766281.00000000008D1000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 0000000A.00000003.1987093455.0000000000B11000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 0000000A.00000003.1935839174.0000000000CDC000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 0000000A.00000003.1986999297.0000000000C45000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 0000000A.00000003.1987498983.0000000000C49000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 0000000A.00000003.1986752481.0000000000ACE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oss.sonatype.org/
Source: unpack200.exe, 00000007.00000003.1923095182.00000000008D1000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 00000007.00000003.1875254613.0000000000BCF000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 00000007.00000003.1922766281.00000000008D1000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 0000000A.00000003.1935839174.0000000000CDC000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 0000000A.00000003.1986752481.0000000000ACE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oss.sonatype.org/content/repositories/snapshots
Source: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, 00000000.00000003.2265858314.0000000004486000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, 00000000.00000003.1695540330.00000000037B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, 00000000.00000003.1695540330.0000000003072000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
Source: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, 00000000.00000003.1695540330.0000000003072000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0D
Source: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, 00000000.00000003.2265858314.0000000004486000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, 00000000.00000003.1695540330.00000000037B3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, 00000000.00000003.1695540330.0000000003072000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0L
Source: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, 00000000.00000003.1695540330.000000000378B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, 00000000.00000003.1695540330.000000000379A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, 00000000.00000003.1695540330.00000000037AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apple.com/appleca/0
Source: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, 00000000.00000003.1695540330.0000000003072000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
Source: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, 00000000.00000003.1695540330.0000000003072000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/cps0/
Source: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, 00000000.00000003.1695540330.0000000003072000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.thawte.com/repository0W

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe Windows user hook set: 0 mouse low level C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe File dropped: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\translations\en.txt ->
encryption = setting up session security
verifying_encryption_details = the remote machine is verifying this connection and setting up encryption to protect any transferred data.
verifying_password = verifying password
verifying_password_details = the remote machine is verifying your password
connection_closed = connection closed
connection_closed_details = the connection to the remote machine has been terminated
# initial update screen
tapplet_updating = updating, please wait...
tapplet_installing = updating, please wait...
tapplet_launching = launching...
# web page info
dont_see_below = don't see anything below?
click_here = (click here)
no_javascript_support = your browser does not support javascript.<p></p>javascript is required to view this page, please enable it in your browser or add this site to the trusted sites in your browser settings.
no_java_message_part_one = if you don't see anything in the space below then your browser probably doesn't have the latest java runtime.<p></p>you can fix this by d
Source: Joe Sandbox View Dropped File: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe 313000B647E07FE9C08D538D160B5ADB4849A7E2E19C16E5E0F188B176470229
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe Code function: String function: 004025D8 appears 42 times
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: String function: 00007FF6D83216B3 appears 75 times
Source: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, 00000000.00000003.2265858314.0000000004486000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename t) vs SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
Source: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, 00000000.00000003.1695540330.00000000037B3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename t) vs SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
Source: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, 00000000.00000000.1675634360.000000000046B000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilename t) vs SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
Source: classification engine Classification label: mal69.rans.spyw.evad.winEXE@53/257@2/2
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe Code function: 15_2_00401EEC GetLastError,FormatMessageA,lstrlenA,lstrlenA,LocalAlloc,LocalFree,LocalFree
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: 1_2_66663DA4 _errno,_invalid_parameter_noinfo,GetDiskFreeSpaceA,GetLastError,_errno
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe File created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7364:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2312:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7468:120:WilError_03
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe File created: C:\Users\user\AppData\Local\Temp\hsperfdata_user
Source: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * from Win32_Processor
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe ReversingLabs: Detection: 15%
Source: unpack200.exe String found in binary or memory: (For more information, run %s --help .)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\crs-agent.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\crs-agent.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\charsets.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\charsets.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\jsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\jsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\jaccess.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\jaccess.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\sunpkcs11.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\sunpkcs11.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\openjsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\openjsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\legacy8ujsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\legacy8ujsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\cldrdata.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\cldrdata.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\access-bridge-64.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\access-bridge-64.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\sunmscapi.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\sunmscapi.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\rt.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\rt.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe" "-Xshare:dump"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\customer-jar-with-dependencies.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\customer-jar-with-dependencies.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx512m -Xms5m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dsun.java2d.dpiaware=true -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 -Dsun.awt.fontconfig=fontconfig.properties jwrapper.JWrapper "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\unrestricted\JWLaunchProperties-1713584048640-1"
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe Process created: C:\Windows\System32\icacls.exe icacls "C:\ProgramData\SimpleHelp" /t /c /grant *S-1-1-0:(OI)(CI)F
Source: C:\Windows\System32\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe Process created: C:\Windows\System32\icacls.exe icacls "C:\ProgramData\SimpleHelp\ElevateSH" /t /c /grant *S-1-5-32-545:(OI)(CI)F
Source: C:\Windows\System32\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe Process created: C:\Windows\System32\icacls.exe icacls "C:\ProgramData\SimpleHelp\ElevateSH\*.*" /t /c /grant *S-1-1-0:(OI)(CI)F
Source: C:\Windows\System32\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe Process created: C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe -install C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5018212369185496700.service
Source: C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe Process created: C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe "C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe" "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" "-install" "C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5018212369185496700.service"
Source: C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe Process created: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" "-install" "C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5018212369185496700.service"
Source: unknown Process created: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe"
Source: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\session_win.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\session_win.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\windowslauncher.exe" "-cp" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" "-Xmx128m" "-Xms5m" "-Dsun.java2d.dpiaware=true" "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" "com.aem.sdesktop.util.MouseMover" "127.0.0.1" "49745" "127.0.0.1" "49746" "elevated"
Source: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe Process created: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" -uninstallbyname ShTemporaryService53942608
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\session_win.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\windowslauncher.exe" "-cp" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" "-Xmx128m" "-Xms5m" "-Dsun.java2d.dpiaware=true" "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" "com.aem.sdesktop.util.MouseMover" "127.0.0.1" "49745" "127.0.0.1" "49746" "elevated"
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49749 127.0.0.1 49750 elevated_backup
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Section loaded (in load order, repeats omitted): apphelp.dll, winmm.dll, wininet.dll, version.dll, winhttp.dll, uxtheme.dll, windowscodecs.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, ondemandconnroutehelper.dll, iertutil.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, mswsock.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, wsock32.dll, msvcr100.dll, wtsapi32.dll, cryptsp.dll, rsaenh.dll, userenv.dll, dpapi.dll, cryptbase.dll, dwmapi.dll, opengl32.dll, glu32.dll, textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
Section loaded: apphelp.dll, msvcr100.dll
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe
Section loaded: apphelp.dll, winmm.dll
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe
Section loaded: apphelp.dll, winmm.dll, wsock32.dll, version.dll, msvcr100.dll, windows.storage.dll, wldp.dll, profapi.dll, wtsapi32.dll, iphlpapi.dll, kernel.appcore.dll, wbemcomn.dll, amsi.dll, userenv.dll, uxtheme.dll, cryptsp.dll, rsaenh.dll, dwmapi.dll, cryptbase.dll, mswsock.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, propsys.dll, networkexplorer.dll, windowscodecs.dll, thumbcache.dll, policymanager.dll, msvcp110_win.dll, opengl32.dll, glu32.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, winrnr.dll, fwpuclnt.dll, rasadhlp.dll, dataexchange.dll, d3d11.dll, dcomp.dll, dxgi.dll, twinapi.appcore.dll
Source: C:\Windows\System32\icacls.exe
Section loaded: ntmarta.dll
Source: C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe
Section loaded: apphelp.dll, windows.storage.dll, wldp.dll, kernel.appcore.dll, uxtheme.dll, propsys.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, pcacli.dll, mpr.dll, sfc_os.dll
Source: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe
Section loaded: apphelp.dll, acgenral.dll, uxtheme.dll, winmm.dll, samcli.dll, msacm32.dll, version.dll, userenv.dll, dwmapi.dll, urlmon.dll, mpr.dll, sspicli.dll, winmmbase.dll, iertutil.dll, srvcli.dll, netutils.dll, aclayers.dll, sfc.dll, sfc_os.dll
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\session_win.exe
Section loaded: apphelp.dll, acgenral.dll, uxtheme.dll, winmm.dll, samcli.dll, msacm32.dll, version.dll, userenv.dll, dwmapi.dll, urlmon.dll, mpr.dll, sspicli.dll, winmmbase.dll, iertutil.dll, srvcli.dll, netutils.dll, aclayers.dll, sfc.dll, sfc_os.dll, wtsapi32.dll, winsta.dll, profapi.dll
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe
Section loaded: apphelp.dll, winmm.dll, wsock32.dll, version.dll, msvcr100.dll, windows.storage.dll, wldp.dll, profapi.dll, uxtheme.dll, kernel.appcore.dll, mswsock.dll, dwmapi.dll, opengl32.dll, glu32.dll, wtsapi32.dll, iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper
Section loaded: apphelp.dll, winmm.dll, wsock32.dll, version.dll, msvcr100.dll, windows.storage.dll, wldp.dll, profapi.dll, uxtheme.dll, kernel.appcore.dll, mswsock.dll, dwmapi.dll, opengl32.dll, glu32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeStatic PE information: certificate valid
Source: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeStatic file information: File size 29866288 > 1048576
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile opened: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\MSVCR100.dllJump to behavior
Source: Binary string: msvcr100.amd64.pdb source: unpack200.exe, 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp, unpack200.exe, 00000002.00000002.1762948414.00000000666D1000.00000002.00000001.01000000.00000009.sdmp, unpack200.exe, 00000003.00000002.1768255152.00000000666D1000.00000002.00000001.01000000.00000009.sdmp, unpack200.exe, 00000004.00000002.1782178479.00000000666D1000.00000002.00000001.01000000.00000009.sdmp, unpack200.exe, 00000005.00000002.1871527860.00000000666D1000.00000002.00000001.01000000.00000009.sdmp, unpack200.exe, 00000007.00000002.1930861381.00000000666D1000.00000002.00000001.01000000.00000009.sdmp, unpack200.exe, 0000000A.00000002.1990708269.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: c:\jenkins\workspace\zulu8-build-win64\release\jdk\objs\unpackexe\unpack200.pdb source: unpack200.exe, 00000001.00000002.1746959488.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000002.00000002.1763245698.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000003.00000000.1763852294.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000004.00000000.1768887134.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000005.00000002.1871949632.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 00000007.00000002.1931438331.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp, unpack200.exe, 0000000A.00000002.1991124687.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeCode function: 1_2_666596BC LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_666596BC
Source: utils_wnative_winpty_intel-64.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x38241
Source: jjs.exe.0.drStatic PE information: real checksum: 0xd1e5 should be: 0xc81f
Source: shcad.exe.0.drStatic PE information: real checksum: 0x13bcf should be: 0x2dd75
Source: jvm.dll.0.drStatic PE information: real checksum: 0x8a0779 should be: 0x8a10db
Source: javaw.exe.0.drStatic PE information: real checksum: 0x3ff01 should be: 0x41637
Source: winpty-agent.exe.0.drStatic PE information: real checksum: 0x3dddd should be: 0x4267d
Source: utils_wnative_dxgi_intel-64.dll.0.drStatic PE information: real checksum: 0x26d83 should be: 0x27976
Source: cadasuser.exe.0.drStatic PE information: real checksum: 0x15750 should be: 0x2c5c2
Source: Remote SupportWinLauncher.exe.0.drStatic PE information: real checksum: 0x6b466 should be: 0xa1f9c
Source: utils_wnative_intel-32.dll.0.drStatic PE information: real checksum: 0x38c46 should be: 0x39518
Source: simplehelper64.exe.0.drStatic PE information: real checksum: 0x14642 should be: 0x15834
Source: SimpleService.exe.0.drStatic PE information: real checksum: 0x1cc64 should be: 0x1e28d
Source: windowslauncher.exe.0.drStatic PE information: real checksum: 0x27e73 should be: 0x36d42
Source: jwutils_win32.dll.0.drStatic PE information: real checksum: 0x26fe6 should be: 0x3664f
Source: utils_wnative_shpty_intel-64.dll.0.drStatic PE information: real checksum: 0x18027 should be: 0x2697f
Source: utils_wnative_winpty_intel-32.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x33d45
Source: freetype.dll.0.drStatic PE information: real checksum: 0xaf521 should be: 0xa6754
Source: utils_wnative_intel-64.dll.0.drStatic PE information: real checksum: 0x3b2f0 should be: 0x3c0ae
Source: Remote Support.exe.0.drStatic PE information: real checksum: 0x27e73 should be: 0x36d42
Source: unpack200.exe.0.drStatic PE information: real checksum: 0x3ad77 should be: 0x3b9ae
Source: utils_wnative_dxgi_intel-32.dll.0.drStatic PE information: real checksum: 0x28f63 should be: 0x2a362
Source: winpty-agent64.exe.0.drStatic PE information: real checksum: 0x4c96d should be: 0x4acd5
Source: session_win.exe.0.drStatic PE information: real checksum: 0x18543 should be: 0x35d94
Source: java.exe.0.drStatic PE information: real checksum: 0x33084 should be: 0x3cd32
Source: pack200.exe.0.drStatic PE information: real checksum: 0x5fdd should be: 0x7713
Source: java-rmi.exe.0.drStatic PE information: real checksum: 0xc872 should be: 0x6521
Source: elev_win.exe.0.drStatic PE information: real checksum: 0x19839 should be: 0x3cd17
Source: jwutils_win64.dll.0.drStatic PE information: real checksum: 0x3aa5f should be: 0x44100
Source: simplehelper.exe.0.drStatic PE information: real checksum: 0x16ea2 should be: 0x150fa
Source: utils_wnative_shpty_intel-32.dll.0.drStatic PE information: real checksum: 0x1a02b should be: 0x2375a
Source: msvcr100.dll.0.drStatic PE information: section name: _CONST
Source: msvcr100.dll.0.drStatic PE information: section name: text
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeCode function: 1_2_6670B37B push rbp; iretd 1_2_6670B38E
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeCode function: 1_2_66706E1B push rbp; iretd 1_2_66706E2E
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeCode function: 1_2_66708B1D push rcx; retf 003Fh1_2_66708B1E
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeCode function: 1_2_66707885 push 0000003Eh; ret 1_2_66707887
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jli.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\dt_socket.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\java.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_winpty_intel-64.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation HelperJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\sunmscapi.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\npt.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\w2k_lsa_auth.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\winpty-agent64.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\simplehelper64.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\jwutils_win32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\net.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\JAWTAccessBridge-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_dxgi_intel-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\JavaAccessBridge-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\java-rmi.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jdwp.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\j2pcsc.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exeFile created: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\WindowsAccessBridge-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\instrument.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\fontmanager.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_shpty_intel-32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\verify.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jsound.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\jwutils_win64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\javaw.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\splashscreen.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\hprof.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\simplehelper.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jjs.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\server\jvm.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_intel-32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jawt.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jsdt.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\Remote SupportWinLauncher.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\session_win.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\pack200.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jpeg.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_shpty_intel-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\SimpleService.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\msvcr100.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exeFile created: C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_winpty_intel-32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\shcad.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\elev_win.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\nio.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_intel-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\j2pkcs11.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\lcms.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\freetype.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\winpty-agent.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jaas_nt.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\sunec.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\awt.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\java.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\mlib_image.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\cadasuser.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\dt_shmem.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jsoundds.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_dxgi_intel-32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\management.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\zip.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeFile created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\readme.txtJump to behavior
Source: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShTemporaryService53942608\Parameters
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeCode function: 1_2_6665D73C GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetLastError,GetModuleHandleW,GetProcAddress,GetLastError,1_2_6665D73C
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exeProcess created: C:\Windows\System32\icacls.exe icacls "C:\ProgramData\SimpleHelp" /t /c /grant *S-1-1-0:(OI)(CI)F
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\session_win.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * from Win32_PhysicalMemory
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT MemoryErrorCorrection from Win32_PhysicalMemoryArray
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT DeviceID, Name, Model, InterfaceType, MediaType, Size, SerialNumber from Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exeCode function: 1_2_6665BAC4 rdtsc 1_2_6665BAC4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jli.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\dt_socket.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_winpty_intel-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\java.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\sunmscapi.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\npt.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\w2k_lsa_auth.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\simplehelper64.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\winpty-agent64.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\net.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\jwutils_win32.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\JAWTAccessBridge-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_dxgi_intel-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\JavaAccessBridge-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\java-rmi.exeJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jdwp.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\j2pcsc.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\WindowsAccessBridge-64.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\instrument.dllJump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\fontmanager.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_shpty_intel-32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\verify.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jsound.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\jwutils_win64.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\javaw.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\splashscreen.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\hprof.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\simplehelper.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\server\jvm.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jjs.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_intel-32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jawt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\Remote SupportWinLauncher.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jsdt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jpeg.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\pack200.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_shpty_intel-64.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_winpty_intel-32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\shcad.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\nio.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_intel-64.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\j2pkcs11.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\lcms.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\freetype.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\winpty-agent.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jaas_nt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\sunec.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\awt.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\java.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\cadasuser.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\mlib_image.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\dt_shmem.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\jsoundds.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_dxgi_intel-32.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\management.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\zip.dll
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe, Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe, Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, API coverage: 4.8 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe TID: 5340, Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber,Version,Name,Manufacturer from Win32_BIOS
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT IdentifyingNumber,Version,Vendor,Name from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * from Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_666644A8 _errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,SetErrorMode,1_2_666644A8
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_666663E4 __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExA,_errno,_errno,_errno,_errno,_errno,GetDriveTypeA,free,free,_wsopen_s,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,1_2_666663E4
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_666683E8 __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExW,_errno,_errno,_errno,_errno,_errno,IsRootUNCName,GetDriveTypeW,free,free,_errno,__doserrno,_wsopen_s,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,1_2_666683E8
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_666623A0 FindClose,FindFirstFileExA,FindNextFileA,FindClose,1_2_666623A0
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_66665EE8 __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExA,_errno,_errno,_errno,_errno,_errno,GetDriveTypeA,free,free,_errno,__doserrno,_wsopen_s,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,1_2_66665EE8
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_66663F10 _errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindFirstFileExA,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindNextFileA,GetLastError,_errno,_errno,_errno,1_2_66663F10
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_66667F84 __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExW,_errno,_errno,_errno,_errno,_errno,IsRootUNCName,GetDriveTypeW,free,free,_wsopen_s,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,1_2_66667F84
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_66662C0C FindClose,FindFirstFileExW,FindNextFileW,FindClose,1_2_66662C0C
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_66666DDC __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExA,_errno,_errno,_errno,_errno,_errno,GetDriveTypeA,free,free,_wsopen_s,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,1_2_66666DDC
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_66667B1C __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExW,_errno,_errno,_errno,_errno,_errno,IsRootUNCName,GetDriveTypeW,free,free,_errno,__doserrno,_wsopen_s,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,1_2_66667B1C
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_6666885C __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExW,_errno,_errno,_errno,_errno,_errno,IsRootUNCName,GetDriveTypeW,free,free,_wsopen_s,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,1_2_6666885C
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_666668D8 __doserrno,_errno,_invalid_parameter_noinfo,_errno,__doserrno,_getdrive,FindFirstFileExA,_errno,_errno,_errno,_errno,_errno,GetDriveTypeA,free,free,_errno,__doserrno,_wsopen_s,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FindClose,GetLastError,FindClose,1_2_666668D8
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_666649E4 _errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_errno,_errno,_errno,_errno,_invalid_parameter_noinfo,FindNextFileW,GetLastError,_errno,_errno,_errno,1_2_666649E4
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe, Code function: 15_2_00402DE0 FindFirstFileA,GetLastError,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToLocalFileTime,FileTimeToSystemTime,15_2_00402DE0
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_666A9780 VirtualQuery,GetSystemInfo,SetThreadStackGuarantee,VirtualAlloc,VirtualProtect,1_2_666A9780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, File opened: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, File opened: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\lib\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, File opened: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, File opened: C:\Users\user\AppData\Roaming\
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, File opened: C:\Users\user\
Source: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, 00000000.00000003.2265858314.0000000004486000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: Copyright (C) 2009 VMware, Inc. All Rights Reserved.
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, API call chain: ExitProcess graph end node graph_1-63936
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, API call chain: ExitProcess graph end node graph_1-64009
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe, API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\session_win.exe, Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_6665BAC4 rdtsc 1_2_6665BAC4
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_666B06B0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_666B06B0
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_666596BC LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,1_2_666596BC
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_666AECC8 GetProcessHeap,HeapAlloc,_errno,_errno,__doserrno,_errno,GetProcessHeap,HeapFree,SetEndOfFile,_errno,__doserrno,GetLastError,1_2_666AECC8
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\session_win.exe, Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_666B02A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_666B02A4
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_00007FF6D833EA60 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,__crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,__crt_debugger_hook,GetCurrentProcess,TerminateProcess,1_2_00007FF6D833EA60
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_00007FF6D833F064 SetUnhandledExceptionFilter,1_2_00007FF6D833F064
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe, Code function: 1_2_00007FF6D83503F0 SetUnhandledExceptionFilter,1_2_00007FF6D83503F0
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe, Code function: 15_2_00406880 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_00406880
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe, Code function: 15_2_0040F500 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,15_2_0040F500
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe, Code function: 15_2_00406230 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_00406230
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe, Code function: 15_2_004062D0 RtlCaptureContext,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,15_2_004062D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Memory protected: page read and write | page guard
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\crs-agent.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\crs-agent.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\charsets.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\charsets.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\jsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\jsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\jaccess.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\jaccess.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\sunpkcs11.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\sunpkcs11.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\openjsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\openjsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\legacy8ujsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\legacy8ujsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\cldrdata.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\cldrdata.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\access-bridge-64.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\access-bridge-64.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\sunmscapi.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\sunmscapi.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\rt.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\rt.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe" "-Xshare:dump"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\customer-jar-with-dependencies.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\customer-jar-with-dependencies.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe, Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx512m -Xms5m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dsun.java2d.dpiaware=true -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 -Dsun.awt.fontconfig=fontconfig.properties jwrapper.JWrapper "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\unrestricted\JWLaunchProperties-1713584048640-1"
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe, Process created: C:\Windows\System32\icacls.exe icacls "C:\ProgramData\SimpleHelp" /t /c /grant *S-1-1-0:(OI)(CI)F
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe, Process created: C:\Windows\System32\icacls.exe icacls "C:\ProgramData\SimpleHelp\ElevateSH" /t /c /grant *S-1-5-32-545:(OI)(CI)F
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe, Process created: C:\Windows\System32\icacls.exe icacls "C:\ProgramData\SimpleHelp\ElevateSH\*.*" /t /c /grant *S-1-1-0:(OI)(CI)F
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe, Process created: C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe -install C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5018212369185496700.service
Source: C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe, Process created: C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe "C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe" "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" "-install" "C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5018212369185496700.service"
Source: C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe, Process created: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" "-install" "C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5018212369185496700.service"
Source: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe, Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\session_win.exe "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\session_win.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\windowslauncher.exe" "-cp" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" "-Xmx128m" "-Xms5m" "-Dsun.java2d.dpiaware=true" "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" "com.aem.sdesktop.util.MouseMover" "127.0.0.1" "49745" "127.0.0.1" "49746" "elevated"
Source: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe, Process created: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" -uninstallbyname ShTemporaryService53942608
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe, Process created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49749 127.0.0.1 49750 elevated_backup
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\crs-agent.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\crs-agent.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\charsets.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\charsets.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\jsse.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\jsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\ext\jaccess.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\ext\jaccess.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\ext\sunpkcs11.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\ext\sunpkcs11.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\ext\openjsse.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\ext\openjsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\ext\legacy8ujsse.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\ext\legacy8ujsse.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\ext\cldrdata.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\ext\cldrdata.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\ext\access-bridge-64.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\ext\access-bridge-64.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\ext\sunmscapi.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\ext\sunmscapi.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\rt.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583982-6-app\lib\rt.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-windows64jre-00084000053-complete\bin\unpack200.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583921-5-app\customer-jar-with-dependencies.jar.p2" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrappertemp-1713583921-5-app\customer-jar-with-dependencies.jar"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-windows64jre-00084000053-complete\bin\remote support.exe" -cp "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-remote support-00102236241-complete\customer-jar-with-dependencies.jar" -xmx512m -xms5m -xx:minheapfreeratio=15 -xx:maxheapfreeratio=30 -djava.util.arrays.uselegacymergesort=true -djava.net.preferipv4stack=true -dsun.java2d.dpiaware=true -dhttps.protocols=tlsv1,tlsv1.1,tlsv1.2,tlsv1.3 -dsun.awt.fontconfig=fontconfig.properties jwrapper.jwrapper "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-remote support-00102236241-complete\unrestricted\jwlaunchproperties-1713584048640-1"
Source: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\session_win.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-remote support-00102236241-complete\session_win.exe" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-windows64jre-00084000053-complete\bin\windowslauncher.exe" "-cp" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-remote support-00102236241-complete\customer-jar-with-dependencies.jar" "-xmx128m" "-xms5m" "-dsun.java2d.dpiaware=true" "-djava.library.path=c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-remote support-00102236241-complete" "com.aem.sdesktop.util.mousemover" "127.0.0.1" "49745" "127.0.0.1" "49746" "elevated"
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\session_win.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-windows64jre-00084000053-complete\bin\windowslauncher.exe" "-cp" "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-remote support-00102236241-complete\customer-jar-with-dependencies.jar" "-xmx128m" "-xms5m" "-dsun.java2d.dpiaware=true" "-djava.library.path=c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-remote support-00102236241-complete" "com.aem.sdesktop.util.mousemover" "127.0.0.1" "49745" "127.0.0.1" "49746" "elevated"
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exeProcess created: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-windows64jre-00084000053-complete\bin\session elevation helper" -cp "c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-remote support-00102236241-complete\customer-jar-with-dependencies.jar" -xmx128m -xms5m -dsun.java2d.dpiaware=true "-djava.library.path=c:\users\user\appdata\roaming\jwrapper-remote support\jwrapper-remote support-00102236241-complete" com.aem.sdesktop.util.mousemover 127.0.0.1 49749 127.0.0.1 49750 elevated_backup
Source: unpack200.exe, 0000000B.00000003.2006517931.0000000002A3F000.00000004.00000020.00020000.00000000.sdmp, unpack200.exe, 0000000B.00000003.2012424199.0000000002A3F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: manksmanks dilimanksimanobomanobo dilimanobo jezikmanobo kalbamanobo keelmanobo sprogmanobokielimanobospr
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: _getptd,GetLocaleInfoA,1_2_666BB6E0
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: GetLocaleInfoW,1_2_666BB7CC
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: GetLocaleInfoW,malloc,GetLocaleInfoW,WideCharToMultiByte,free,1_2_666B95DC
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: GetLastError,free,free,GetLocaleInfoW,GetLocaleInfoW,free,GetLocaleInfoW,1_2_666B1058
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: EnumSystemLocalesA,1_2_666BBC6C
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: EnumSystemLocalesA,1_2_666BBD0C
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: _getptd,EnumSystemLocalesA,GetUserDefaultLCID,GetLocaleInfoW,GetLocaleInfoW,GetACP,IsValidCodePage,IsValidLocale,GetLocaleInfoA,GetLocaleInfoA,_itow_s,1_2_666BBD80
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: _getptd,GetLocaleInfoA,GetLocaleInfoW,1_2_666BBB38
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: _getptd,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoW,1_2_666BB864
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe Code function: GetLocaleInfoA,15_2_00412F00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Queries volume information: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00102236230-complete\nativesplash.png VolumeInformation
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe Queries volume information: C:\ProgramData\SimpleHelp\ElevateSH\lock VolumeInformation
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: 1_2_6667B768 _errno,GetLocalTime,_errno,_invalid_parameter_noinfo,1_2_6667B768
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: 1_2_66678E10 _lock,_get_daylight,_get_daylight,_get_daylight,___lc_codepage_func,free,free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,1_2_66678E10
Source: C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe Code function: 1_2_666A8E68 HeapCreate,GetVersion,HeapSetInformation,1_2_666A8E68
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe Registry key or value deleted: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ShTemporaryService53942608
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 331 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 111 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact |
| Credentials | Domains | Default Accounts | 2 Native API | 1 DLL Search Order Hijacking | 1 DLL Search Order Hijacking | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 111 Input Capture | 1 Encrypted Channel | Exfiltration Over Bluetooth | 1 Inhibit System Recovery |
| Email Addresses | DNS Server | Domain Accounts | 12 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 3 Obfuscated Files or Information | Security Account Manager | 148 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Services File Permissions Weakness | 12 Process Injection | 1 DLL Side-Loading | NTDS | 451 Security Software Discovery | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Services File Permissions Weakness | 1 DLL Search Order Hijacking | LSA Secrets | 23 Virtualization/Sandbox Evasion | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Masquerading | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 23 Virtualization/Sandbox Evasion | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Services File Permissions Weakness | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
[Figure: behavior graph. Behavior Graph ID: 1429025; Sample: SecuriteInfo.com.Trojan.Sig...; Startdate: 20/04/2024; Architecture: WINDOWS; Score: 69]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe | 16% | ReversingLabs | Win64.Malware.Generic | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe | 0% | ReversingLabs | | |
| C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe | 0% | Virustotal | | Browse |
| C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe | 4% | ReversingLabs | | |
| C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe | 1% | Virustotal | | Browse |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe | 0% | Virustotal | | Browse |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper | 0% | Virustotal | | Browse |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\Remote SupportWinLauncher.exe | 17% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\Remote SupportWinLauncher.exe | 11% | Virustotal | | Browse |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\SimpleService.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\SimpleService.exe | 0% | Virustotal | | Browse |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\cadasuser.exe | 4% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\cadasuser.exe | 0% | Virustotal | | Browse |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\elev_mac | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\elev_mac | 0% | Virustotal | | Browse |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\elev_win.exe | 4% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\elev_win.exe | 1% | Virustotal | | Browse |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\jwutils_win32.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\jwutils_win32.dll | 1% | Virustotal | | Browse |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\jwutils_win64.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\jwutils_win64.dll | 0% | Virustotal | | Browse |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\session_win.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\session_win.exe | 0% | Virustotal | | Browse |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\setsid | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\setsid | 0% | Virustotal | | Browse |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\shcad.exe | 4% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\shcad.exe | 0% | Virustotal | | Browse |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\shlinuxutil | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\shlinuxutil | 0% | Virustotal | | Browse |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\shlinuxutil32arm | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\shlinuxutil32arm | 0% | Virustotal | | Browse |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\shlinuxutil64 | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\shlinuxutil64 | 0% | Virustotal | | Browse |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\shlinuxutil64arm | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\simplehelper.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\simplehelper64.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_dxgi_intel-32.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_dxgi_intel-64.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_intel-32.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_intel-64.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_shpty_intel-32.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_shpty_intel-64.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_winpty_intel-32.dll | 0% | ReversingLabs | | |
C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\utils_wnative_winpty_intel-64.dll0%ReversingLabs
No Antivirus matches
Source | Detection | Scanner | Label
help.alphetacs.com | 3% | Virustotal |

Source | Detection | Scanner | Label
http://ocsp.sectigo.com0 | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0# | 0% | URL Reputation | safe
https://sectigo.com/CPS0D | 0% | URL Reputation | safe
https://sectigo.com/CPS0 | 0% | URL Reputation | safe
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s | 0% | URL Reputation | safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe
http://www.freebxml.org/ | 0% | Virustotal |
http://www.freebxml.org/). | 0% | Virustotal |
http://0.0.254.254 | 0% | Virustotal |
http://www.nexus.hu/upx | 0% | Virustotal |
http://openjsse.github.io/legacy8ujsse/ | 0% | Virustotal |
http://zulu.org/forum | 0% | Virustotal |
http://www.xfree86.org/) | 0% | Virustotal |
http://upx.tsx.org | 0% | Virustotal |
http://wildsau.idv.uni-linz.ac.at/mfx/upx.html | 0% | Virustotal |
http://openjsse.github.io/openjsse/ | 0% | Virustotal |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
help.alphetacs.com | 139.64.137.101 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://help.alphetacs.com/customer/JWrapper-Remote%20Support-version.txt | true | | unknown
http://help.alphetacs.com/customer/JWrapper-Windows64JRE-version.txt?time=4186938694 | true | | unknown
http://help.alphetacs.com/customer/JWrapper-JWrapper-version.txt | true | | unknown
http://help.alphetacs.com/branding/applet_splash.png?a=3 | true | | unknown
http://help.alphetacs.com/simplehelpdetails.txt | true | | unknown
http://help.alphetacs.com/branding/brandingfiles?a=3 | true | | unknown
http://help.alphetacs.com/simplehelpdisclaimer.txt?language=en | true | | unknown
http://help.alphetacs.com/translations_user/en.txt | true | | unknown
http://help.alphetacs.com/server_side_parameters | true | | unknown
http://help.alphetacs.com/branding/branding.properties?a=3 | true | | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
139.64.137.101 | help.alphetacs.com | Reserved | | 62809 | EXPOHLUS | true

IP
127.0.0.1
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1429025
Start date and time: 2024-04-20 05:31:09 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 23s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 33
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
                                                                                                                      Technologies:
                                                                                                                      • HCA enabled
                                                                                                                      • EGA enabled
                                                                                                                      • AMSI enabled
                                                                                                                      Analysis Mode:default
                                                                                                                      Analysis stop reason:Timeout
                                                                                                                      Sample name:SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                      Detection:MAL
                                                                                                                      Classification:mal69.rans.spyw.evad.winEXE@53/257@2/2
                                                                                                                      EGA Information:
                                                                                                                      • Successful, ratio: 100%
                                                                                                                      HCA Information:
                                                                                                                      • Successful, ratio: 98%
                                                                                                                      • Number of executed functions: 42
                                                                                                                      • Number of non-executed functions: 261
                                                                                                                      Cookbook Comments:
                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                      • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                      • Report size getting too big, too many NtSetInformationFile calls found.
Time:05:32:02
Type:API Interceptor
Description:2x Sleep call for process: SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe modified
                                                                                                                      No context
                                                                                                                      No context
Match, Associated Sample Name / URL, SHA 256, Detection, Threat Name, Link, Context
                                                                                                                      No context
Match, Associated Sample Name / URL, SHA 256, Detection, Threat Name, Link, Context
Match:C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe
• Filename: SecuriteInfo.com.Trojan.Siggen21.29401.5442.21101.exe, Detection: malicious, Threat Name: Unknown
• Filename: SecuriteInfo.com.Trojan.Siggen21.29401.18218.24338.exe, Detection: malicious, Threat Name: SimpleHelpRemoteAdmin
• Filename: SecuriteInfo.com.Trojan.Siggen21.29401.7970.18980.exe, Detection: malicious, Threat Name: SimpleHelpRemoteAdmin
• Filename: SecuriteInfo.com.Trojan.Siggen21.26234.28756.2536.exe, Detection: malicious, Threat Name: Unknown
• Filename: SecuriteInfo.com.W64.Remsim.A.gen.Eldorado.26269.16542.exe, Detection: malicious, Threat Name: Unknown
Match:C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe
• Filename: SecuriteInfo.com.Trojan.Siggen21.29401.7970.18980.exe, Detection: malicious, Threat Name: SimpleHelpRemoteAdmin
• Filename: SecuriteInfo.com.Trojan.Siggen22.49613.19028.20311.exe, Detection: malicious, Threat Name: Unknown
• Filename: SecuriteInfo.com.Trojan.Siggen21.29401.18932.7666.exe, Detection: malicious, Threat Name: Unknown
• Filename: SecuriteInfo.com.Trojan.Siggen21.29401.1678.25545.exe, Detection: malicious, Threat Name: Unknown
• Filename: SecuriteInfo.com.Trojan.Siggen21.29401.24890.4765.exe, Detection: malicious, Threat Name: Unknown
• Filename: SecuriteInfo.com.Trojan.Siggen22.5496.7508.3232.exe, Detection: malicious, Threat Name: Unknown
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                              File Type:ASCII text, with very long lines (650), with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):922
                                                                                                                                                              Entropy (8bit):5.364530462648268
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:A/dXImo/dXm/3HowL/dXrXIc05QX/dXBgzrWy:CVImqVk3ZV85KVGrWy
                                                                                                                                                              MD5:D79C0E9D994C72F8A6F3B859C15AB7CA
                                                                                                                                                              SHA1:3D30955FD00C7E5FFB7080FB79081DFB2B64E608
                                                                                                                                                              SHA-256:0343249A73327329FF4232323937FBB45875AABD379F71758FEE763B1B1BBEEE
                                                                                                                                                              SHA-512:CBA76642BA4AF2A8770C0C2EE432E0C7240180A9ECF8262340A6AEBA19C07994D5C4CA6DBEDE9394001D9CEF13A9EB8E330E3B7984EB28C2D4C47AE28F4997F6
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:NAME:ShTemporaryService53942608..DISPLAYNAME:ShTemporaryService53942608..DESCRIPTION:ShTemporaryService53942608..WORKINGDIR:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete..CMDLINE:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\session_win.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\windowslauncher.exe" "-cp" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" "-Xmx128m" "-Xms5m" "-Dsun.java2d.dpiaware=true" "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" "com.aem.sdesktop.util.MouseMover" "127.0.0.1" "49745" "127.0.0.1" "49746" "elevated"..AUTORESTART:no..INTERACTIVE:no..RUNONCE:yes..
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):116112
                                                                                                                                                              Entropy (8bit):6.494947054010256
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:OpbP7TtLV/xaTIn5ei4dJe5xmtvgX93uSpp2cuty/tKBmACNBuACNA:UHj93uuw0/tKBmF+Fu
                                                                                                                                                              MD5:871F2AE119AC463E75BBEABC1E925AA9
                                                                                                                                                              SHA1:694D8B456ABC255DA9EC0E9B270116163CB5D132
                                                                                                                                                              SHA-256:313000B647E07FE9C08D538D160B5ADB4849A7E2E19C16E5E0F188B176470229
                                                                                                                                                              SHA-512:CD1E7EDA3B0591B20587990BCACAADC2424D2F9F72D071C3C4EFAC4BBB16665C7B267AE332F95CADF1CA3501F3D7B9CBC9FBBD3CFF07E1FC69BF3C9F805F1CE3
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Joe Sandbox View:
• Filename: SecuriteInfo.com.Trojan.Siggen21.29401.5442.21101.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.Siggen21.29401.18218.24338.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.Siggen21.29401.7970.18980.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.Siggen21.26234.28756.2536.exe, Detection: malicious
• Filename: SecuriteInfo.com.W64.Remsim.A.gen.Eldorado.26269.16542.exe, Detection: malicious
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):243992
                                                                                                                                                              Entropy (8bit):7.278640957364001
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:4ukjf+vEAQajI4/f5rrJrr1n9rbH9r/9ro9r3Htretr5FahFc8FDF5FnFI:Fkjf+3E4n5h1JpiZHEva28dTdq
                                                                                                                                                              MD5:01DEEF7F533173DA5E2B26B00AFDE108
                                                                                                                                                              SHA1:CB1A8B2784DD8EF54E940FA5455FBCE20F928952
                                                                                                                                                              SHA-256:3330AF7877EC280AC33A327A7C4AD99BC8C437E8FF0B4EEBB8C82B230E2148EE
                                                                                                                                                              SHA-512:2451BD318016858FDCC0007D28D781AA62F708A59480DE2044185C8D27E68B25BE5995AE6091546D7C8DF17ECBC0336D9C3F68F5297B07A7435FC2F1DBCE49A6
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
• Antivirus: Virustotal, Detection: 1%
Joe Sandbox View:
• Filename: SecuriteInfo.com.Trojan.Siggen21.29401.7970.18980.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.Siggen22.49613.19028.20311.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.Siggen21.29401.18932.7666.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.Siggen21.29401.1678.25545.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.Siggen21.29401.24890.4765.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.Siggen22.5496.7508.3232.exe, Detection: malicious
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):11
                                                                                                                                                              Entropy (8bit):1.672933031873368
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:L/9:J
                                                                                                                                                              MD5:271563B96FBBFF5DC3E04656F3F18923
                                                                                                                                                              SHA1:7F6800A9D6112BF5C360D56F3B0C5C616260FEE8
                                                                                                                                                              SHA-256:B482D2AACE7286C78A565879C3AC49B772E9BD9D003BED856542C2CEE1049B22
                                                                                                                                                              SHA-512:FC211920EE469A34E10444D65E9A909C934CFA1C6D332700D33C2AFF9AA2201434DBB810FF03188904C9500638444435CBECC25E2B7598356236C8475B02763C
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:00084000053
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):65536
                                                                                                                                                              Entropy (8bit):1.583983914156104
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:9r+XcrubI8Ghv237T28OkVwVIVKXSVA8rO2vl9y2eaT0fnmvUTG9CdraFiHvPs:9r+XB08GU37T2tkw5XSdR9y25ZvE5
                                                                                                                                                              MD5:3BED7B086BEB3941828A713580598200
                                                                                                                                                              SHA1:15FA075AF8E74F1BAC00D2538A7E58C0F1A9D800
                                                                                                                                                              SHA-256:BF6039EF1F2A61E9CE3C9B99A198A4C254AC8186341484587BBD817E5AAF4BC0
                                                                                                                                                              SHA-512:07C194042D59BFCFCB12DA542F18230BF7D560FECB1B43ADB82C74226A7A776C8265720228FE351DD4E13CA764DBD0FFA1E4053D16282531956849D923DBAC3A
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.........G.......8...... .......8...........J...0...sun.rt._sync_Inflations.............8...........J...0...sun.rt._sync_Deflations.............@...........J...8...sun.rt._sync_ContendedLockAttempts..........8...........J...0...sun.rt._sync_FutileWakeups..........0...........J...(...sun.rt._sync_Parks..........@...........J...8...sun.rt._sync_EmptyNotifications.............8...........J...0...sun.rt._sync_Notifications..........8...........J...0...sun.rt._sync_SlowEnter..............8...........J...0...sun.rt._sync_SlowExit...............8...........J...0...sun.rt._sync_SlowNotify.............8...........J...0...sun.rt._sync_SlowNotifyAll..........8...........J...0...sun.rt._sync_FailedSpins............@...........J...8...sun.rt._sync_SuccessfulSpins................8...........J...0...sun.rt._sync_PrivateA...............8...........J...0...sun.rt._sync_PrivateB...............@...........J...8...sun.rt._sync_MonInCirculation...............8...........J...0...sun.rt._sync_MonScavenged...
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):65536
                                                                                                                                                              Entropy (8bit):1.637458463141096
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:9ZmrI08GhadElhbVwVIZYrXYyh7URY8fo+TS8QnmvUTG9CdraFiHvjM4G:9ZC8GhadELpwBXY0GNLvE5JG
                                                                                                                                                              MD5:7A577727168C31BC066DEAA8C3A4FB1F
                                                                                                                                                              SHA1:AB468B000B0E8A300AE9011132302892DB79FF2C
                                                                                                                                                              SHA-256:8FEB2D5437A91ABD73CF913C145CFDB771985C8DD675D702F7D0E6217CB49488
                                                                                                                                                              SHA-512:C07EDC2386538666E929772B86C41DD6760FDE52FC974FFBF9E18E940203BCBE3A1FC96CC55EC26FAC2C64F51B4F639BE373D8FC675D4772C0BF2710451C709F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.........I......X&...... .......8...........J...0...sun.rt._sync_Inflations.....^.......8...........J...0...sun.rt._sync_Deflations.....[.......@...........J...8...sun.rt._sync_ContendedLockAttempts..s.......8...........J...0...sun.rt._sync_FutileWakeups..........0...........J...(...sun.rt._sync_Parks..........@...........J...8...sun.rt._sync_EmptyNotifications.............8...........J...0...sun.rt._sync_Notifications..........8...........J...0...sun.rt._sync_SlowEnter..............8...........J...0...sun.rt._sync_SlowExit...............8...........J...0...sun.rt._sync_SlowNotify.............8...........J...0...sun.rt._sync_SlowNotifyAll..........8...........J...0...sun.rt._sync_FailedSpins............@...........J...8...sun.rt._sync_SuccessfulSpins................8...........J...0...sun.rt._sync_PrivateA...............8...........J...0...sun.rt._sync_PrivateB...............@...........J...8...sun.rt._sync_MonInCirculation...............8...........J...0...sun.rt._sync_MonScavenged...
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):18496
                                                                                                                                                              Entropy (8bit):7.975066081887855
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:0Hr8nvC3M2q3eoIzPULDNXTOst5ZWg3eJEzWv382nx:J8v5oa8vNnt5Zn3W0u
                                                                                                                                                              MD5:8CDB1DC5C629E2A459AB72E387450969
                                                                                                                                                              SHA1:E61BC7399E7BF52443D26A89C9DE4BBB6F68DC27
                                                                                                                                                              SHA-256:70C92C427605C87AA08AE69425D4182C6195894005C85E3FD0B82C09F27C52F6
                                                                                                                                                              SHA-512:20414B5DD96C48A5258B8EDBF26E4EC4A4D4D1443730038F843D6D26273E0049014D0D867690834EAA3F2BFFFFD63CF46A0800B25559F73A365CDAF298016844
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PNG image data, 10 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):442
                                                                                                                                                              Entropy (8bit):7.409164509719945
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:6v/7c986gyiEO1OMEFGbWiVD286w3D3vrEkUcoQifmGx:x9+YYogbWG2Cb7Yh
                                                                                                                                                              MD5:DD76E9D25A791CFEE83719EF9668D589
                                                                                                                                                              SHA1:5C923EBB8ED658F7546D66DFCBA2841432316771
                                                                                                                                                              SHA-256:61D10A9D780A09D2DE63536F88F9E14A86296ED804CD986978DE39EDF10299F2
                                                                                                                                                              SHA-512:D09E12EFD5373C43EBDB2B700A2EFDDED044A5909492FF8B804233D4D3FD9F3604DCFC60141677355BD838A11BE040506AFAE4BE9E48F4EF5F1598113EAD4FDF
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PNG image data, 4 x 18, 8-bit grayscale, non-interlaced
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):98
                                                                                                                                                              Entropy (8bit):5.530610295100729
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:yionv//thPlJttlllB/rtl1l2I4lupR5rNO:6v/lhPb/rt92IhDO
                                                                                                                                                              MD5:C8F15F669B039148667D14BA0592866A
                                                                                                                                                              SHA1:2B112EDDB281A1DAC53771F180D331DB42C34B28
                                                                                                                                                              SHA-256:8CC0A4A79E1B2D67F78E0E85EFD1A39265FCED4CF5A840C995CEAE7CB6F26F12
                                                                                                                                                              SHA-512:01673C65907F18459854B6E642CCCF85C2307485BD48829FBE66E3CED86A8BE5E8B6A88A47E7210DBE61523F16E0AF821AED2A3C204283A1EAFE7C4B375A661D
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                              File Type:PNG image data, 378 x 251, 8-bit/color RGBA, non-interlaced
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):50739
                                                                                                                                                              Entropy (8bit):7.982634767571555
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:gb+iLMgK04uhRX7jrMthbu08Iry5urANyFdGsTdWkO8T/YKqAoGnib:8tMuhR4Ju08KrXhTdw8bYBFb
                                                                                                                                                              MD5:2E8FA38BB6F03A0169350ADACA35523C
                                                                                                                                                              SHA1:8CCBCF98153A9D22F3918D1129BC8EF5415965C0
                                                                                                                                                              SHA-256:75A4A0EB01E53FFC7C15F2815A4FB37CFE8754DD60C994713A1505A036747BD8
                                                                                                                                                              SHA-512:7476B98560CEA831DBAE0C50ACF7D3010FE2D5612098A96203864D5F8990EDAD2921A92924F55C9F61380E6E81A513795FDE03D2170CDF58DCD3A8FCE7991C23
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PNG image data, 4 x 18, 8-bit grayscale, non-interlaced
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):98
                                                                                                                                                              Entropy (8bit):5.530610295100729
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:yionv//thPlJttlllB/rtl1l2I4lupR5rNO:6v/lhPb/rt92IhDO
                                                                                                                                                              MD5:C8F15F669B039148667D14BA0592866A
                                                                                                                                                              SHA1:2B112EDDB281A1DAC53771F180D331DB42C34B28
                                                                                                                                                              SHA-256:8CC0A4A79E1B2D67F78E0E85EFD1A39265FCED4CF5A840C995CEAE7CB6F26F12
                                                                                                                                                              SHA-512:01673C65907F18459854B6E642CCCF85C2307485BD48829FBE66E3CED86A8BE5E8B6A88A47E7210DBE61523F16E0AF821AED2A3C204283A1EAFE7C4B375A661D
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PNG image data, 4 x 18, 8-bit/color RGB, non-interlaced
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):167
                                                                                                                                                              Entropy (8bit):6.447389753692007
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:yionv//thPlJttnlmNKpBxgaGKfR24xt5mNR/GKuLg02S+QJeroONsuXKngrmu:6v/lhPEeSsf5x+7/8Oxc7ONsYFr/
                                                                                                                                                              MD5:B9D86873742C7080B430A5D4255253AC
                                                                                                                                                              SHA1:6E47FDD87C05B44F4AE5B20677F29DED22A2328C
                                                                                                                                                              SHA-256:83AF5F63866C20B1B2D2D436236B2FC4A45501B5D1CBAA66D7FAFB6603B6B7B6
                                                                                                                                                              SHA-512:59C8F07122875160B044368F215BA5ACACC1860D5FBF9BA38D6E26D26C9651D5679FBB72952940166737405D385F40D2B2289CF9C914AA6BF59BA26BC1B2D4B8
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                              File Type:PNG image data, 756 x 502, 8-bit/color RGBA, non-interlaced
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):268165
                                                                                                                                                              Entropy (8bit):7.989874009618773
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:czXUNtJX29URIOWdgZJOy75AxqfCgT8/Qv8SZAUveuE:cz6/m981vOWf3T8oXZPWt
                                                                                                                                                              MD5:D94109F7B417C011755ABE376FCDF1FA
                                                                                                                                                              SHA1:A932937B908748A1D8146DE5992741497E070FA0
                                                                                                                                                              SHA-256:8F730EF305A98F222404E494F6ACB709D7E12E934E9D4A4898D7AE2E9E43FC2F
                                                                                                                                                              SHA-512:30FED6453406CB7A7E7B5E7B7A8D9BAE043C2531058E50E7F58890F6158B570FE8F32EDFF59A87759C3CD1C0D991B7D257ECBF9735C7E0F81E73369F3CE064E5
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4
                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3::
                                                                                                                                                              MD5:F1D3FF8443297732862DF21DC4E57262
                                                                                                                                                              SHA1:9069CA78E7450A285173431B3E52C5C25299E473
                                                                                                                                                              SHA-256:DF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119
                                                                                                                                                              SHA-512:EC2D57691D9B2D40182AC565032054B7D784BA96B18BCB5BE0BB4E70E3FB041EFF582C8AF66EE50256539F2181D7F9E53627C0189DA7E75A4D5EF10EA93B20B3
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:....
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4
                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3::
                                                                                                                                                              MD5:F1D3FF8443297732862DF21DC4E57262
                                                                                                                                                              SHA1:9069CA78E7450A285173431B3E52C5C25299E473
                                                                                                                                                              SHA-256:DF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119
                                                                                                                                                              SHA-512:EC2D57691D9B2D40182AC565032054B7D784BA96B18BCB5BE0BB4E70E3FB041EFF582C8AF66EE50256539F2181D7F9E53627C0189DA7E75A4D5EF10EA93B20B3
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:....
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):457
                                                                                                                                                              Entropy (8bit):5.832618953788874
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:feeOKsQv3m5dXY1unQ8XXYkOTU6vKeKX0wlZNLm:mDQv2U1uJOrbOlvLm
                                                                                                                                                              MD5:4F1CAD524036837EEBCAC31373FCB8F2
                                                                                                                                                              SHA1:6C5F73E7C5DB2977DC220A6B5AABDE6766A1316C
                                                                                                                                                              SHA-256:8961F385313F6C6B81C7F8FE33556E024032BA274EE4571CFCE037BFC55B03FD
                                                                                                                                                              SHA-512:D15A7543B45560975C8D047A94E34F8A3093D390BC1837E2D2DF956FDF344AE8879BDADB5E31732DA4B694C6F70DFF156BBDBEA4DB5EA8AD44765BBA9B777657
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:...&..................&{D6AE4DCF-2567-4352-B0FF-1F3CE5FA8409}...AKUPEM...VMware, Inc....R92747SGXT...............VMware Virtual RAM.....0..........DRAM....._.......\\.\PHYSICALDRIVE0...\\.\PHYSICALDRIVE0.....C8296WGA SCSI Disk Device...SCSI...HDD.. 6000c2942fce4d06663969f532e45d1a..........&Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..w5.........&Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..w5...........SN2TU...DTOGA.."VMW201.00V.20829224.B64.2211211842...None..0
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                              File Type:PNG image data, 378 x 251, 8-bit/color RGBA, non-interlaced
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):50755
                                                                                                                                                              Entropy (8bit):7.982589995376076
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:gb+iLMgK04uhRX7jrMthbu08Iry5urANyFdGsTdWkO8T/YKqAoGni8:8tMuhR4Ju08KrXhTdw8bYBF8
                                                                                                                                                              MD5:68EC690B1CF585A2D5428DBD220CD8F7
                                                                                                                                                              SHA1:5525D6E03BF3905FC964ED8827AE7F2FF1762E83
                                                                                                                                                              SHA-256:6D85015955984AF97A3D18588C66395738DDEF8567C271EA152F780E7E4355BD
                                                                                                                                                              SHA-512:3C86FF07BFE324385AA1FAE01647291C736AC188E92E753C8B7159324FAD68A7C34030BF847FCF59DFB8560D022D15D875640F8BC67AAAD576D479CCBC412DA3
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                              File Type:PNG image data, 756 x 502, 8-bit/color RGBA, non-interlaced
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):268181
                                                                                                                                                              Entropy (8bit):7.989869396702224
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:czXUNtJX29URIOWdgZJOy75AxqfCgT8/Qv8SZAUveuh:cz6/m981vOWf3T8oXZPWQ
                                                                                                                                                              MD5:72AC0C794C146FAAE9A2F9417092EDF6
                                                                                                                                                              SHA1:2490002549F1B1684DC669DF2ED3BC2AEB9DBBBA
                                                                                                                                                              SHA-256:754F4401293C14C483304EF87EB199C31F78A80D3C0DE64723CA7A0FE31E644A
                                                                                                                                                              SHA-512:43E70AB23316AB4538030AF532F67CF9CD2E3DAC34D34ADECE29B9C266201D9E9CF074C69114260E3F0C92ACC4B0D2B8212EF13D9921DA8D0FBB5FDD24E6E364
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):360
                                                                                                                                                              Entropy (8bit):5.17709725115054
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:mg6AFCVKxHgFiREgPygFieKgJJkgFieAgbbHhqsMjAjgFiRXluJt4gPX:mpAFCVBFcNFN7J/FNFvhqsWvFcXkTF
                                                                                                                                                              MD5:06E342A9AFDB0F63F65CC48FEFDFFBC4
                                                                                                                                                              SHA1:5DCE12DEDA70A5CC14D508B07B79B527F85DD576
                                                                                                                                                              SHA-256:2C9A21794B41F9386DB02DC6228DBCDB14BE7CD2A1222CB9B4700A6356A8B80A
                                                                                                                                                              SHA-512:5DAE94FFA184C4B7A84042D744C12DB175929FA11F3CD5F194226EEEC439F9A76E7CF94FAC015E2621959E430DD32CD5B743046CBA5C485A706912991741E5B0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:#SimpleHelp Branding Configuration.#Tue Feb 08 22:40:04 UTC 2022.RW_EXE_NAME_KEEP_OS=true.COLOR_APP_HEADER=\#FFFFFF.RW_EXE_NAME_KEEP_TYPE=true.SUPPORT_EXE_NAME=AlphetaCS.SUPPORT_EXE_NAME_KEEP_TYPE=true.RW_EXE_NAME=SimpleHelp Remote Work.SHOW_PREVIEW_IMAGES=true.SUPPORT_EXE_NAME_KEEP_OS=true.APPLICATION_NAME=Alpheta Computer Service.COLOR_WEB_HEADER=\#FFFFFF.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2
                                                                                                                                                              Entropy (8bit):1.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:un:un
                                                                                                                                                              MD5:9CFEFED8FB9497BAA5CD519D7D2BB5D7
                                                                                                                                                              SHA1:094B0FE0E302854AF1311AFAB85B5203BA457A3B
                                                                                                                                                              SHA-256:DBD3A49D0D906B4ED9216B73330D2FB080EF2F758C12F3885068222E5E17151C
                                                                                                                                                              SHA-512:41DD75307A2E7C49CAF53FFF15AADA688275EF4D7950BEDF028612B73F343ED45CF51FE1D4D27F58ED12E93E0FD0AE7F69428DB169211554D1B380C91AA5CD01
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:en
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):259
                                                                                                                                                              Entropy (8bit):5.120695641173387
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:0nI199pZ1tEvh/jyFvVHbOMAwM36YMuYt3nx+xRdY:h199p72vh/jyFN7OMPM36YHYQU
                                                                                                                                                              MD5:60E5CC1149685AEA687AE3E761558AF7
                                                                                                                                                              SHA1:0FFAD41597966262A17C71782CD4048177B52603
                                                                                                                                                              SHA-256:53DBFC90A516F3625FED58B4919838DEE9219ED9FDA9D70E50659C66B1D424D6
                                                                                                                                                              SHA-512:CB19C2EE2E5506CB5205995CF4A95C5C1F51B5C726BA7AC6B9439A42F88A6501202D5F7089D360262B69257C2B146CE038BEF068FB951F8F78BC78963A641E96
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:9.-Xmx512m.-Xms5m.-XX:MinHeapFreeRatio=15.-XX:MaxHeapFreeRatio=30.-Djava.util.Arrays.useLegacyMergeSort=true.-Djava.net.preferIPv4Stack=true.-Dsun.java2d.dpiaware=true.-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3.-Dsun.awt.fontconfig=fontconfig.properties.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):13
                                                                                                                                                              Entropy (8bit):3.7004397181410926
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:jBJI4ln:jBJIon
                                                                                                                                                              MD5:8199887131477D02232D372BC808CFD5
                                                                                                                                                              SHA1:C172FFD15C0FB02432429632272A066B8516E077
                                                                                                                                                              SHA-256:E4C596FE101978F244B8F74BE616D62BBAAE083F881928DA51255B0DBA50D440
                                                                                                                                                              SHA-512:8623A7E6BB4673572C47035280CECBF09D02A71DE54F86A2A3376DE080DF33AF8DBE0D2E5C460779A899CA3D51E5B4C7B1A264ED4089AF40B05C187524606026
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:Windows64JRE.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):13
                                                                                                                                                              Entropy (8bit):3.7004397181410926
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:jBJI4ln:jBJIon
                                                                                                                                                              MD5:8199887131477D02232D372BC808CFD5
                                                                                                                                                              SHA1:C172FFD15C0FB02432429632272A066B8516E077
                                                                                                                                                              SHA-256:E4C596FE101978F244B8F74BE616D62BBAAE083F881928DA51255B0DBA50D440
                                                                                                                                                              SHA-512:8623A7E6BB4673572C47035280CECBF09D02A71DE54F86A2A3376DE080DF33AF8DBE0D2E5C460779A899CA3D51E5B4C7B1A264ED4089AF40B05C187524606026
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:Windows64JRE.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):13
                                                                                                                                                              Entropy (8bit):3.7004397181410926
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:jBJI4ln:jBJIon
                                                                                                                                                              MD5:8199887131477D02232D372BC808CFD5
                                                                                                                                                              SHA1:C172FFD15C0FB02432429632272A066B8516E077
                                                                                                                                                              SHA-256:E4C596FE101978F244B8F74BE616D62BBAAE083F881928DA51255B0DBA50D440
                                                                                                                                                              SHA-512:8623A7E6BB4673572C47035280CECBF09D02A71DE54F86A2A3376DE080DF33AF8DBE0D2E5C460779A899CA3D51E5B4C7B1A264ED4089AF40B05C187524606026
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:Windows64JRE.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):36070
                                                                                                                                                              Entropy (8bit):7.04591355730143
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:8ryaFx2yl9a8f0MQ8uK5UywnHr8nvC3M2q3eoIzPULDNXTOst5ZWg3eJEzWv3829:YFx2ylwMhfw48v5oa8vNnt5Zn3W0q
                                                                                                                                                              MD5:B22EC69A355F529B2DDA787AF04FBD8E
                                                                                                                                                              SHA1:C987DD336C8FFA1A1F2FD701D4A120C1F0F97641
                                                                                                                                                              SHA-256:16F77D45C4C0F83DD0EA5927FF98AD91962E37403D0AC07E3E06301260ACE0D0
                                                                                                                                                              SHA-512:903DF29A5D5762E863992BA5550AF70E86DD61A758161917A88F6ED887AAE572E0F2DB83B3CECA2A85806987B04146CF9DA64EDE05350A617B04E107743529AD
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):11
                                                                                                                                                              Entropy (8bit):1.672933031873368
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:L/9:J
                                                                                                                                                              MD5:271563B96FBBFF5DC3E04656F3F18923
                                                                                                                                                              SHA1:7F6800A9D6112BF5C360D56F3B0C5C616260FEE8
                                                                                                                                                              SHA-256:B482D2AACE7286C78A565879C3AC49B772E9BD9D003BED856542C2CEE1049B22
                                                                                                                                                              SHA-512:FC211920EE469A34E10444D65E9A909C934CFA1C6D332700D33C2AFF9AA2201434DBB810FF03188904C9500638444435CBECC25E2B7598356236C8475B02763C
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:00084000053
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):67516
                                                                                                                                                              Entropy (8bit):6.010220487155515
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:iestoh/UarDoRWQn1wayicqodGFTLdzVcEDJzW84Fn5+e:xf/jMWQ1HlWGhTcoz0p59
                                                                                                                                                              MD5:4D81D7E32F6F22BD8A6D01016F4D6E27
                                                                                                                                                              SHA1:AED013D6C2B834783C18DBC317592AB7CCEE0688
                                                                                                                                                              SHA-256:B61D77EFCF4F4AB460646C69E84E3D890C8031CD071D749A80C209A1C17E4085
                                                                                                                                                              SHA-512:AAB4628DAA52A8AE195740F49CE1846AA241DFC9CAEA7AA38E56FF7DA90473EE80387753723E7C0DF78A72A637D85AE5B0F7D8E5E0B25961512D161CA613EE03
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:jwdyna_splash_image.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PNG image data, 300 x 199, 8-bit/color RGBA, non-interlaced
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):48996
                                                                                                                                                              Entropy (8bit):7.98911353514533
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:PH6LCpLFCNXKk4Kci6lNXi4aJoyAeCWf1MePs6vil+i0kBrgAn95Drw+ViYmXkjM:Pa2DuklNS4aJTLf1Mss9hNxgAnHBVJCD
                                                                                                                                                              MD5:5A45F8CBAB673E58122665ED3AE811B4
                                                                                                                                                              SHA1:0CC0D5A984C7B731061C16812F1D6192943880C3
                                                                                                                                                              SHA-256:E66CACA0E342FAF63662BA5A9C1E89C8579B9E1DD50521A62170792CD3483DCE
                                                                                                                                                              SHA-512:5E3EBCF1ACFD8D20C38C02D4C9574D1C976B70AF19862AACE2DF2325A614A4F7805B7FC69F9714D4B2FE012FA1938A7BA99CCE125EF116B79BC214297DFA8B64
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):13
                                                                                                                                                              Entropy (8bit):2.719294525666979
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:LsRhdn:ULn
                                                                                                                                                              MD5:A95513CDC63A7D498954F999B7FA546B
                                                                                                                                                              SHA1:E006920974D324CE3896C2F5844F76CF0F5B573E
                                                                                                                                                              SHA-256:3CE66BF18105E70478B7557C76B4EEA360EDF94A7170758B743CFA87DB5011E9
                                                                                                                                                              SHA-512:31C987C672BE529EE40C95AC9B232DB53FAD644BBD733752578C35DABE9437F6B9D40FBB1BCD9416051D2C00B8AABFF40024CAF39D085284B4D0CEF96D7AAE93
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:1713584048578
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):12
                                                                                                                                                              Entropy (8bit):1.9473387961875537
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:L/H:r
                                                                                                                                                              MD5:BD9A3A39AE641606D8ACFB54468CF0B5
                                                                                                                                                              SHA1:F6C90CD0D00CADDF14CE3CAF1A8B8D63AD7347E3
                                                                                                                                                              SHA-256:0564AE18CDB791E33BCB4DA5ED96008DBA51CBCBE80837D1B996B734E7B65BCE
                                                                                                                                                              SHA-512:C8D850A5FE1F369B66BAE90FD34878075616D151B384026DCAFEFC02BC6079A2C671F4472B0491572B5E834559D4A2B083F947CA1660EE6E2C437707AFAFAD8F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:00084000053.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):68086
                                                                                                                                                              Entropy (8bit):6.0178701606264875
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:westoh/UarDoRWQn1wayicqodGFTLdzVcEDJzW84Fn5IJduY:nf/jMWQ1HlWGhTcoz0p5mduY
                                                                                                                                                              MD5:0C69657304A12AFCCE873B7F70CB70A8
                                                                                                                                                              SHA1:31DE2B656C8255CEB1DBDF974A137836EB813926
                                                                                                                                                              SHA-256:2320804D79E10E54D9AE9900D34F6EC67278D6524FF3E36F16F3049EB8042FD1
                                                                                                                                                              SHA-512:131AA413D2EF0801B7BE839118678637E1E5CFCAF6FBC640197EC818C5C70D647C48C716DFCD69E6517A9FC30847B642C8BDEB9A30782D2AF1AC5ED32B8BFE33
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:jwdyna_wrapper_app_version.00102236241.jwdyna_auto_disable_appnap.true.jwdyna_splash_image.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):13
                                                                                                                                                              Entropy (8bit):3.085055102756477
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:LsRgX:UgX
                                                                                                                                                              MD5:76C926B3255E3819F8C584CFD4D49E13
                                                                                                                                                              SHA1:8AA44BE9A7BFD94C34D0CA7F033C1D513E9071C8
                                                                                                                                                              SHA-256:8DF48096D825EA8B9D1A75A55B0E0EECF9F5BF1EA203ACDF2F9116DDB0337D87
                                                                                                                                                              SHA-512:E51EB2AA3D5CB7CA98FB84FCF961EA60BF2AFB5EBD322E3134F44595C998F7A6CF6A6611B363A054F132CE07C1E28A86DF86563758B01522CEE90C3C9C756A52
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:1713584048562
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):173136
                                                                                                                                                              Entropy (8bit):6.58160064035458
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:TV8eyUbavDzJwkfJvnWsv9rsuQguAXwZ+LRrwZdLuVG/iNHN6:5M1dfMsVguQgZMvh6VM
                                                                                                                                                              MD5:58AF839323322202948776B70447BECD
                                                                                                                                                              SHA1:56C3492866BFCD0F45AAD645884B93E37EE2F01E
                                                                                                                                                              SHA-256:9E6C0101209AC39D3CC824B6BE5119D2A891F8EB394E058EB55FF7DF86744CF8
                                                                                                                                                              SHA-512:41CFA7E4E3AFC279017C84CAF07738AF928C8BEAB009BB3E6A6CF04BA34A8944ACD4B87FA93E96FC7FE3B2E22EF3B870E4CBF8E170625B36194503955660E842
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe
                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):173136
                                                                                                                                                              Entropy (8bit):6.58160064035458
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:TV8eyUbavDzJwkfJvnWsv9rsuQguAXwZ+LRrwZdLuVG/iNHN6:5M1dfMsVguQgZMvh6VM
                                                                                                                                                              MD5:58AF839323322202948776B70447BECD
                                                                                                                                                              SHA1:56C3492866BFCD0F45AAD645884B93E37EE2F01E
                                                                                                                                                              SHA-256:9E6C0101209AC39D3CC824B6BE5119D2A891F8EB394E058EB55FF7DF86744CF8
                                                                                                                                                              SHA-512:41CFA7E4E3AFC279017C84CAF07738AF928C8BEAB009BB3E6A6CF04BA34A8944ACD4B87FA93E96FC7FE3B2E22EF3B870E4CBF8E170625B36194503955660E842
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):13
                                                                                                                                                              Entropy (8bit):2.719294525666979
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:LsRhdn:ULn
                                                                                                                                                              MD5:A95513CDC63A7D498954F999B7FA546B
                                                                                                                                                              SHA1:E006920974D324CE3896C2F5844F76CF0F5B573E
                                                                                                                                                              SHA-256:3CE66BF18105E70478B7557C76B4EEA360EDF94A7170758B743CFA87DB5011E9
                                                                                                                                                              SHA-512:31C987C672BE529EE40C95AC9B232DB53FAD644BBD733752578C35DABE9437F6B9D40FBB1BCD9416051D2C00B8AABFF40024CAF39D085284B4D0CEF96D7AAE93
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:1713584048578
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):19
                                                                                                                                                              Entropy (8bit):3.260828171224456
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:QpIQsc9:z3c9
                                                                                                                                                              MD5:42435EB08FAEE75EC8A791B9A233BD8B
                                                                                                                                                              SHA1:D462CA091139A2106E467C4A0FD33B4EE8DDAC09
                                                                                                                                                              SHA-256:BF6F11C195ADDBC386206C29D8F557D296E2E5FEFAA129519CE75B4A4228BE5F
                                                                                                                                                              SHA-512:E9B4AA8EE09A8C81746F3999E2003214952D3BA41B7E1AFADA9C6D9E2F1223A41AF3212E9C44D42D394611FFEECF25AD0E9A8A2BB79999B1DC32EC55C9667FBA
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:com.aem.JreVerifier
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):36134
                                                                                                                                                              Entropy (8bit):7.045544387141096
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:fryaFx2yl9a8f0MQ8uK5UywnHr8nvC3M2q3eoIzPULDNXTOst5ZWg3eJEzWv382D:hFx2ylwMhfw48v5oa8vNnt5Zn3W0u
                                                                                                                                                              MD5:2F89BEA63262618BDF5FF796D256A371
                                                                                                                                                              SHA1:F30C119034085D7F3091A5C4B203B33B96A2917F
                                                                                                                                                              SHA-256:1683DEE0D303F0C60394939FD4BBF403F25D8F4491648C2AABE6E2EDC45E5C0F
                                                                                                                                                              SHA-512:3B4EBCC198DF2A854DC76F239C4A82FC217B1EFB674353E8B0D235E76F8F58DC88AC1FFDA097B1158EDE047415D7169A031F7DFFA4A4F614D6069614D0445CAC
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:........AutoTest....com.aem.tests.CustomerTest...
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):36156
                                                                                                                                                              Entropy (8bit):7.04649933105962
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:cryaFx2yl9a8f0MQ8uK5UywnHr8nvC3M2q3eoIzPULDNXTOst5ZWg3eJEzWv382D:4Fx2ylwMhfw48v5oa8vNnt5Zn3W0u
                                                                                                                                                              MD5:A1FDA4A1DC5E7F2AA55909F108D04D08
                                                                                                                                                              SHA1:D570A469DB258ED663C3A194365D27D279E814CB
                                                                                                                                                              SHA-256:F2B3667E07E687EFCF6C3BFB25605A9BF89DF57F6BD24D9BDE7AE4D784B0A103
                                                                                                                                                              SHA-512:F0DB36A5B508768BF2F185A932380962FEB796C0B71D6FF4927B6022DA83DE27B90DADF291F017EB589D95A6C6F1099831C9FE663844ACFD2ED0557BB2F1EF97
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:........JWrapperJreCompatibilityApp....jwrapper.JWrapperJreCheckShim...
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):36193
                                                                                                                                                              Entropy (8bit):7.048087920494959
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:vryaFx2yl9a8f0MQ8uK5UywnHr8nvC3M2q3eoIzPULDNXTOst5ZWg3eJEzWv382D:RFx2ylwMhfw48v5oa8vNnt5Zn3W0u
                                                                                                                                                              MD5:7C0411575332FC9DB2221DAC946441FA
                                                                                                                                                              SHA1:5916948C77C8429CB9B9EE3D23B818D71AB21C3F
                                                                                                                                                              SHA-256:5877EE25B3BB645D0B17A102C818E662A91B71E7FDDA8AE606EE05AE5716D562
                                                                                                                                                              SHA-512:C5CDA13809E5AAE82958BF11D7EBDBC3B36E81F3B905A07661836302118A3156B406757BF2F35E14F28E7B0B04484EAE0769F14C83BCD3310B54AD28AA005F60
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.......'JWrapperMatchedVersionServerUnavailable...6com.aem.shelp.customer.CustomerServerUnavailableDialog...
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):99
                                                                                                                                                              Entropy (8bit):4.077885665299278
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:plIXFnXACiEy/JNwZLILECA2yAGuL:plIXFpWw1jCAXAGE
                                                                                                                                                              MD5:04FAFEDC20BF8B5448BDF2A863246001
                                                                                                                                                              SHA1:18734278FCFD6A6E89EA4331C8FAB775D655A892
                                                                                                                                                              SHA-256:61D35CBD883AA99C12EC6A9662B249E3C628B98AA358D2D32B28601B9E001F62
                                                                                                                                                              SHA-512:E8ABD99829D3DB5CEAC5D0AB5EF83B1EC84DD05B139C5E2B474FCB0C96C468149819D5CF4992D8510814B6A33CE654F8AF5CD6EAE98FE966F6C0E5132B78EB1B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:........JWrapper Service Management App...&jwrapper.jwutils.service.ManageService..................
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):36155
                                                                                                                                                              Entropy (8bit):7.04631361973388
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:bryaFx2yl9a8f0MQ8uK5UywnHr8nvC3M2q3eoIzPULDNXTOst5ZWg3eJEzWv382D:9Fx2ylwMhfw48v5oa8vNnt5Zn3W0u
                                                                                                                                                              MD5:12EE6B719C117A16137C6240547E1EC5
                                                                                                                                                              SHA1:BE14715FBDB81185EDFF60D5EBB6E515EDD370BC
                                                                                                                                                              SHA-256:DE0888A10E14E8C959301F9EF56037918608BE3C5B537C9AFB92BEE686AEDB97
                                                                                                                                                              SHA-512:9667B1576661B2DF7C8BC4AC35E4CE5261C3119CA57B852A5EC7B61F3C93CFA73B5BDF488E4EF16FDAE4B82E749FFF02F1C7AF620A356063FD8314B5845C8732
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:........Remote Support...)com.aem.shelp.customer.StandaloneCustomer...
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1
                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3::
                                                                                                                                                              MD5:93B885ADFE0DA089CDF634904FD59F71
                                                                                                                                                              SHA1:5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
                                                                                                                                                              SHA-256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
                                                                                                                                                              SHA-512:B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1
                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3::
                                                                                                                                                              MD5:93B885ADFE0DA089CDF634904FD59F71
                                                                                                                                                              SHA1:5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
                                                                                                                                                              SHA-256:6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
                                                                                                                                                              SHA-512:B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):11
                                                                                                                                                              Entropy (8bit):2.1180782093497093
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:kXGbS:k2G
                                                                                                                                                              MD5:F64A6EBE623B2A4FEB2DA05C78AAB99D
                                                                                                                                                              SHA1:9699FBFDB5D815280A09BC025F990927D32202F1
                                                                                                                                                              SHA-256:1B03116AAA7B780C66A69EAA8044F9849CC4E7B57A0F054E09051EBF1E381D19
                                                                                                                                                              SHA-512:8AE7E243CD20F24493FE21714304F16A41E0D4CF328EE1C45E462C5532F183F62263CADCBECAD4A9CFFA9197048415BCCA573EC7C2D2867A4699AC1968F59D4D
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:00102236230
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Mac OS X icon, 118432 bytes, "is32" type
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):118432
                                                                                                                                                              Entropy (8bit):4.79911976258702
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:0itpbPmQqrHVVVmVVVVVVVVVVVVVVVVVm9NdrWx5EiVlqVIlmp8vKXNt5ZnGT:0itp7qbCQyuVGT
                                                                                                                                                              MD5:BE564FC696B6169D422FABC711730D4C
                                                                                                                                                              SHA1:1DE658F8347412413A011B8DCABDA071F8DBF0CE
                                                                                                                                                              SHA-256:BD2952358D918F683CE9225539E38AE077504185F487B0074AD44E8A088015B5
                                                                                                                                                              SHA-512:FC1074FEAC49EA442455070107F3182639C248E28D74CF62FB8B6D80738539D629DC6116B17ABF7C0F7422E7285585E99B726040C21A4BA0323D28E6534E911B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):49390
                                                                                                                                                              Entropy (8bit):7.481814629908238
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:FZ51+/60ykkmZoVLl/rvikFjoFOcmn51+p73VGxWqHb6aLiXVhKr+yf71M:FZ2/qkmL5L72FOR58GYOb6FXDKr+yBM
                                                                                                                                                              MD5:A281A019E82A015F76A1717D08224E73
                                                                                                                                                              SHA1:E5E62C0315EC8B4F5FF7912BD2FEF0304935C34F
                                                                                                                                                              SHA-256:34A0D11A21A4A42EF98D5A8397F29ABDC12F10CC6EAC97E5FC21DEF97BE0276E
                                                                                                                                                              SHA-512:678BC884CC1E960A7C2BDDB6CABDF4AE01644295C601283013DE314D7D9AC92F06FCC7359DC64ABF85C4B3137D540A23DB71CC9A399003CC6BCD460A0E981DA0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PNG image data, 352 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4617
                                                                                                                                                              Entropy (8bit):7.815116080984637
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:tRbMDt1APL6F9Z7DMQC14nGVoYnunsDHvTOrnsUzlJG7bsFoBFS:UDLHXMQm4nGOg8sDH7OrnsulJGXYoW
                                                                                                                                                              MD5:A3BE1246247CFC9A93352D288E81F358
                                                                                                                                                              SHA1:B091AC5E9A4C638DC4D499C52FDA4469D99F91C2
                                                                                                                                                              SHA-256:2F7D3BC8FFBE9B3152EC9C332363247A4E89591FC1349BC0EB2E3A3D93055043
                                                                                                                                                              SHA-512:F4B4B868796F5239ADC7FC9D75F3C66C99A0A02FCEC2B8094DC24CFE80328CA8920CED932688932D1C4328B4AB37BF74193800F27FA2017E983BB031EB9C4250
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):11
                                                                                                                                                              Entropy (8bit):2.413088436425758
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:kXGby:k2e
                                                                                                                                                              MD5:77E14C9D63FAA3AEDD47F0C313FC1D93
                                                                                                                                                              SHA1:55C00AF369ECA6BEDDBD3E55B12554F4842102D1
                                                                                                                                                              SHA-256:6BBEA392CBB8A0E0F3D6FE27A8402F5AA1BFA61727C3F2C62C4FCD2AB97BCA6F
                                                                                                                                                              SHA-512:B72C0052EE4819EAE5DEF7130BA3558720970BE9B36A9BFDDC4B843818AE054BE40C877601E2997CAD1C6678842092E8CC157AC90F11BF77AAF31DF244825525
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:00102236241
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):391
                                                                                                                                                              Entropy (8bit):5.087719002693374
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:P/I1VnXIc5199p72vh/jyFN7OMPM36YHYQMtB:OXIc51fp72v1GrXEqY4QMX
                                                                                                                                                              MD5:B15E011BB7496D589C1D9A3EF02AE205
                                                                                                                                                              SHA1:F0E662ADB1302250DCAF4F4CD737A2D1AD7C0572
                                                                                                                                                              SHA-256:5D65494842456EDBAADA0EF26E4D5934659C4DB9F20ED6F93145DE3C26116689
                                                                                                                                                              SHA-512:3DD484036A4F7D39CD0D236951E90FFA2BED2A8BE43AADFD54481E8C9FBECCF168FE69BAE5B91B2BAF523F0012D5D0D5318550E6DAE8D18BB253D7FFA40E7088
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:7.jwrapper.JWrapper..Remote Support.JWrapper-Remote Support-ICNS.icns.0.0.0.1.customer-jar-with-dependencies.jar.0....9.-Xmx512m.-Xms5m.-XX:MinHeapFreeRatio=15.-XX:MaxHeapFreeRatio=30.-Djava.util.Arrays.useLegacyMergeSort=true.-Djava.net.preferIPv4Stack=true.-Dsun.java2d.dpiaware=true.-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3.-Dsun.awt.fontconfig=fontconfig.properties.0.........win.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):646824
                                                                                                                                                              Entropy (8bit):7.2836774761440175
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:LhDRX+Rsd+TevUB0f/ZOYYHR3YOOasT1NDyaaSqkh0El:LhD8RE7QU/pYHptwNuStR
                                                                                                                                                              MD5:50AAE344EB0FC1E07FC76185305BF57A
                                                                                                                                                              SHA1:8456CC4C84F1A909911C71F207A76D11B640B9F3
                                                                                                                                                              SHA-256:1DF0C16058B34B1D123B82594EC603F7CE609F1335619CFD03B7E7598FD50FED
                                                                                                                                                              SHA-512:7345A7B8615088DD47A6A97FBDB40E0A6A91F9805F7A4115D3310BCB4E77FCEF6242CD1D5CBDD176912DFEF6281DA6E53196274BA8EF075B15C30ED60A89CD7A
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                              • Antivirus: Virustotal, Detection: 11%, Browse
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):116112
                                                                                                                                                              Entropy (8bit):6.494947054010256
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:OpbP7TtLV/xaTIn5ei4dJe5xmtvgX93uSpp2cuty/tKBmACNBuACNA:UHj93uuw0/tKBmF+Fu
                                                                                                                                                              MD5:871F2AE119AC463E75BBEABC1E925AA9
                                                                                                                                                              SHA1:694D8B456ABC255DA9EC0E9B270116163CB5D132
                                                                                                                                                              SHA-256:313000B647E07FE9C08D538D160B5ADB4849A7E2E19C16E5E0F188B176470229
                                                                                                                                                              SHA-512:CD1E7EDA3B0591B20587990BCACAADC2424D2F9F72D071C3C4EFAC4BBB16665C7B267AE332F95CADF1CA3501F3D7B9CBC9FBBD3CFF07E1FC69BF3C9F805F1CE3
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):179760
                                                                                                                                                              Entropy (8bit):7.252389875765567
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:ueO+AxG4R9rNWQ6jUs/BgrrSrrC9rZ9rX9r09ratrUtrJF5FV:lAx99xYQsZg6qD9akGn/D
                                                                                                                                                              MD5:2DBC02F8DE481BC192C85703444D2947
                                                                                                                                                              SHA1:FB53F506124D2126D2C9F5BED5689353C2E95185
                                                                                                                                                              SHA-256:7A9EDCEFE2F172907E9191A6198C7E4A5291DF50F402AB1B8AE8031EFE602B3B
                                                                                                                                                              SHA-512:F8BC7F01787B9DFAFFE9F3B10D916D3AEB5A83A37C849CE6476CA481870A313CA82BA80F144B8AA2D167E629E18CAEB5B1143DF4D0FE14774D5C0C6108B579C7
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                              • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):21274827
                                                                                                                                                              Entropy (8bit):7.927981743710179
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:393216:gN/wLweTsb/7wNv+WvRnaudGWs2qI7dMHqQq2lbS6aZ8K5:qwceq7GvPvRGWs2qIpMH3lEp
                                                                                                                                                              MD5:4F8A7D2CE6EBD06CB0F22C33A592404D
                                                                                                                                                              SHA1:ED4AFB70C49F38BFAD39CC0B15D6683F5C854101
                                                                                                                                                              SHA-256:C559AB22BDF73F8E1F959A2C34B13BC765A67D5A3474EBECDA6DD658E8329D04
                                                                                                                                                              SHA-512:6CFD6645A0278FAA27E952C77CB8255F9D2F7597B78FB37597600DD595EF46379EE472FF8CF036FF71F6FECCC237F92FF9CFA6AD55C93E5FD396E89D9195CA2C
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):17134835
                                                                                                                                                              Entropy (8bit):6.8079484032707995
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:393216:pgfhm+jYiK6wrb50vRou0WJ2WGkEP/MPluWsn1SWbL:pgfhm+jYiHO5WRo0J237sEWM
                                                                                                                                                              MD5:AA023B48A18A5BA2589B8C3DF918F454
                                                                                                                                                              SHA1:F8091216FF75C9FB169FB5D64D9202D5DACAD3D4
                                                                                                                                                              SHA-256:08E7756DCFDB552B6781BE3203B2C85D2A2442D75EE7DA89252F3DF214115BF1
                                                                                                                                                              SHA-512:95A76DC1FCCBC976F1DA6A3E3C7E3981B6B043A4324CC1388BE82A51C11714A3EE3503C6E61B37A9C2BB29EE2408B7B5F73DFD513A7217B003D96D4D6BECD7A6
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Mach-O universal binary with 3 architectures: [i386:\012- Mach-O i386 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|NO_HEAP_EXECUTION>] [x86_64:Mach-O 64-bit x86_64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL>] [arm64:Mach-O 64-bit arm64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|PIE>]
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):185120
                                                                                                                                                              Entropy (8bit):2.538897125099634
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:RLHHGBJ8kMFbab8HAo/2j48kMf6ab8n1GVj8kM3XfMab8:R7mrGbKTjsXKXoEK
                                                                                                                                                              MD5:B97A70B14F288D37D6F77229451D0E13
                                                                                                                                                              SHA1:F9BE0AFFF116176824E5CB3C88F896A4B76C218E
                                                                                                                                                              SHA-256:B0E0EE51314CD117E94EB53FF46CAFAB951A76E62C0FD6B54D68F6942522F347
                                                                                                                                                              SHA-512:BD59CF2078B0398BE33A699D04231BEB34610EE31C59049864CDBB1D43441F68FF17EDBD5B085812413A3BA77850343E6766F61710B80D066BC0A694C7E91E6C
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):243992
                                                                                                                                                              Entropy (8bit):7.278640957364001
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:4ukjf+vEAQajI4/f5rrJrr1n9rbH9r/9ro9r3Htretr5FahFc8FDF5FnFI:Fkjf+3E4n5h1JpiZHEva28dTdq
                                                                                                                                                              MD5:01DEEF7F533173DA5E2B26B00AFDE108
                                                                                                                                                              SHA1:CB1A8B2784DD8EF54E940FA5455FBCE20F928952
                                                                                                                                                              SHA-256:3330AF7877EC280AC33A327A7C4AD99BC8C437E8FF0B4EEBB8C82B230E2148EE
                                                                                                                                                              SHA-512:2451BD318016858FDCC0007D28D781AA62F708A59480DE2044185C8D27E68B25BE5995AE6091546D7C8DF17ECBC0336D9C3F68F5297B07A7435FC2F1DBCE49A6
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                              • Antivirus: Virustotal, Detection: 1%, Browse
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):277
                                                                                                                                                              Entropy (8bit):4.638192570481787
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:gdpVLIRlfKCYWJWZykGEG3qH1qZb6IGVbpIWI2wb6Xzl:gd/0lfKC7JmylMIbAhpLl
                                                                                                                                                              MD5:811CDB9DDA225FBF0B0CA2C103D7F8E2
                                                                                                                                                              SHA1:8AC54D2EBD4A9BEE5CA8BFA5FA09481D252B5F6E
                                                                                                                                                              SHA-256:24138306B8AA80D2B9586A55F75A156466B3A69AB5C96988AD62304905F53C07
                                                                                                                                                              SHA-512:32341E621E474C9639B572EB63E070CA50A63D70CBE72310ABBE8E3B8DB459AFD469433B52FCF678BF8AAAFFC868F197878EF75DDB67D342CBC74A98D1CEA9AA
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:allfonts.thai=Tahoma.sequence.allfonts=alphabetic/default,dingbats,symbol,thai.sequence.fallback=lucida,symbols,\. chinese-ms950,chinese-hkscs,chinese-ms936,chinese-gb18030,\. japanese,korean,chinese-ms950-extb,chinese-ms936-extb,georgian,thai
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with very long lines (1033), with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1033
                                                                                                                                                              Entropy (8bit):3.992356463658328
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:qvJXV01naP5VAoSsY1PRjhGSrUld3BIlAG+3X5TwHW+Lhs2T5qgeXghYP0K6ju0c:qBlnBVyNQCYgAXHNwzb5+0xntq1Bd/
                                                                                                                                                              MD5:1128DCB368DF4E55C20A4657D6B9B6A5
                                                                                                                                                              SHA1:A5288D935233702DE687AA089DC864E7B9DB3F84
                                                                                                                                                              SHA-256:B72D40A45A55DF2C60142D734630E5BE9464B52A09CF71A2951BD4553F785A12
                                                                                                                                                              SHA-512:45741D62559AB3BB476835CC99F0CE76DDE0135DE6DCADCF52EBB489125AA822DE2EFAF9146FBA144FC3D5D9A5D76B8E64BD976F1FC0C8B9048F82E2B8369814
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):11
                                                                                                                                                              Entropy (8bit):2.413088436425758
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:kXGby:k2e
                                                                                                                                                              MD5:77E14C9D63FAA3AEDD47F0C313FC1D93
                                                                                                                                                              SHA1:55C00AF369ECA6BEDDBD3E55B12554F4842102D1
                                                                                                                                                              SHA-256:6BBEA392CBB8A0E0F3D6FE27A8402F5AA1BFA61727C3F2C62C4FCD2AB97BCA6F
                                                                                                                                                              SHA-512:B72C0052EE4819EAE5DEF7130BA3558720970BE9B36A9BFDDC4B843818AE054BE40C877601E2997CAD1C6678842092E8CC157AC90F11BF77AAF31DF244825525
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:00102236241
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):792
                                                                                                                                                              Entropy (8bit):7.755914204647375
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:1Vfm5iYCLJ8EyRso96dcHZYPMpArbMLIqxXjvujlVnO7ZTw+ZtN9o16eZCGBMh:1VeC6EyZ95YPambAj7aVnO7ZpoHZjMh
                                                                                                                                                              MD5:DCCA3D97F264579BAA88AD8DF0749966
                                                                                                                                                              SHA1:18E3F2A3B2F99E21D577A2ED4DE44A58094C0DBD
                                                                                                                                                              SHA-256:F3065B1A51B64C7BD0AD9A434E4C9EBA27EA65F1418C2BB0056186F6195EB48E
                                                                                                                                                              SHA-512:2EDE51F4B006199B30E4F645C395237C752F0501CB2FAAA7F6CF5B2386CCF759E264B8E6AAADC7396A4C412BC27A89F9C9CCCE0288C9355ED552A2BB09B9F329
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):7347345
                                                                                                                                                              Entropy (8bit):7.90172746120592
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:196608:wwi/gMH3RmWvsVleeD7/xdrkN98TlMY9S:X+fElLPkN98TlTs
                                                                                                                                                              MD5:C339A8066A3EE3B6D98BC98CEAF360CC
                                                                                                                                                              SHA1:0D63C6DB582D7009102C516BB28EEEBC7C8C1840
                                                                                                                                                              SHA-256:2A176D30AD6123832D9C9D871A0C6511E53027CD3850FF2E73754C019937191D
                                                                                                                                                              SHA-512:61C2CEB44A6F6F5754166D1368C34C17266AB600A4333D17370103B422B20A6622A6D617C2F08C8441354529D7B74CC7B4FF017B9B4631DBDBF9496DC7FB39E2
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:PK........ktJW5...>...<.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.JM,IM.u..R..I.(-Vp,J..,K-R0.3.3......PK........ktJW................META-INF/PK........ftJW................jwrapper/PK........ftJW................jwrapper/updater/PK........ftJW................META-INF/maven/PK........ftJW................META-INF/maven/com.simplehelp/PK........ftJW............:...META-INF/maven/com.simplehelp/jwrapper-version-foundation/PK........ftJW................jwrapper/legacyutils/PK........ftJW............0...META-INF/maven/com.simplehelp/jwrapper-launcher/PK........htJW................com/PK........itJW................com/simplehelp/PK........itJW................com/simplehelp/macos/PK........itJW................com/simplehelp/macos/uid/PK........itJW................com/simplehelp/windows/PK........itJW................com/simplehelp/linux/PK........itJW............,...META-INF/maven/com.simplehelp/service-utils/PK........htJW................utils/PK........htJW................utils/serial
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):13506
                                                                                                                                                              Entropy (8bit):7.768660882081999
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:K0btOHWS+ZiigbfKIzni0z62iYgfkYfeJYtk38k7jlRM4alLo6:rtO2S9lfKKihlcYfRE7z/alLd
                                                                                                                                                              MD5:4D29ECCF3866C3FA82EFCA9DC8859CA9
                                                                                                                                                              SHA1:2372F5BA5DD961BAE56CBA14E47FCA0A5EC4D963
                                                                                                                                                              SHA-256:82132C71ED8AB43F1389AAA8B7FB51B9BA6332B05946B298A7660F3436B0F84F
                                                                                                                                                              SHA-512:B618AC68D987B1C9D1AC732C4FFF08DA7347B8B37F4CC07745B0546ADE5E99532B7552FE1C1CAAF9BFCC961BCB2ED822E0CF5AB1467B2400CE6924FBC6F48C92
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:PK........gtJW5...>...<.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.JM,IM.u..R..I.(-Vp,J..,K-R0.3.3......PK........gtJW................META-INF/PK........ftJW................jwrapper/PK........ftJW................jwrapper/updater/PK........ftJW................jwrapper/legacyutils/PK........ftJW................META-INF/maven/PK........ftJW................META-INF/maven/com.simplehelp/PK........ftJW............0...META-INF/maven/com.simplehelp/jwrapper-launcher/PK........ftJW..H8N...D...+...jwrapper/updater/GenericUpdaterLaunch.class.S]S.@.=[J.. 5UDQ.*..M.O..K..g:.L.....0.n6V~..._..?...x.....{ss......O.kx..4.&n.q..L,........8.j.;y8....P.\..n.<....>...>..z[+O.....@..K..~$.r....s..j..m.]..<)^E.]...]_.`....W^....z.#.Jk...` T=.t.&.BH.<wg.x$.=b...'.f..OkK.I?..R^.. ..O...O..h.*1.F~;..+..X..4j'..p.6...N.c....x@...k.GxL4].............r..}!u\....u<aX:S......<.d......`(...zw_.DX:....Db. .O..o..h...r5..im-..c0.@j...b.8Ls.......F..Q..).S(.(.9..6-i.....\i/.Zt...........Ki.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):221120
                                                                                                                                                              Entropy (8bit):6.880610441745664
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:bOX2K6Wqy7w6rRjKGvpU40ywcV1ASmv+c2Tj2qPNFgFzFLFKuF5F8:qXJxKGvpXxOcjLNKVF1v+
                                                                                                                                                              MD5:6C81694E80A30AFDCB1FD52ABE69C17A
                                                                                                                                                              SHA1:BC5B890A25AAF397B386091ED38591386F5A7730
                                                                                                                                                              SHA-256:15EFD7FBC433648E95450ECE65EA27B2EB0C9142A8AAB011660E0287EAB366B2
                                                                                                                                                              SHA-512:2E8C095C2CD338057FEF8B693E10F93EAF669111E67BD9A235B0903F25B016A9A2CE966A5F5086C415964D7B1EB3D35F1E45DA592111C9722B1B6C2B0F5A3033
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              • Antivirus: Virustotal, Detection: 1%, Browse
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):249792
                                                                                                                                                              Entropy (8bit):6.8031266037967315
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:6r89CMpnp0Goz/QHaXipiyRbJFDzQv7khZOq44lZK2hKZyqpiXBbgFFXFxFEsFgq:htxphC/bY/qIhZOzPQxMB/6s6kj
                                                                                                                                                              MD5:3BC9749F5118F7D5F8C652CB59A60787
                                                                                                                                                              SHA1:A570885B6085BB29AE31ACF9B806AE7563CA2F56
                                                                                                                                                              SHA-256:061E2AA6FE2E27B6F2595B4703486C9BFB603CB276B780BC43F63B1F1B844198
                                                                                                                                                              SHA-512:FADFED1FC1AC700149BCCE4343720465FC6FA5A96B4DA48A7DFFFCC0F3CCFC01593688F86D19A4DA80BEC8370130478FB6336110173D46282C38C443D723E661
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, with debug_info, not stripped
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):10964
                                                                                                                                                              Entropy (8bit):5.076716242686938
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:cvEsYRXi3WHsTyX3Qa/c2k6fBiQiBh66zvpELGatA7AmVMJftEPTz5AJY9XBMk:cJhmHsuX3Qgc2k6phsvpEqwZa6ED
                                                                                                                                                              MD5:EDCD4C74DBF4E558CCC5023FF4FBFE28
                                                                                                                                                              SHA1:A60995D8909BCB239A846B68D79163F04FB429A0
                                                                                                                                                              SHA-256:226299D0171700CFA0ED668D3E5EE1036DC860D23AD9EB238BD0037BD9EA732F
                                                                                                                                                              SHA-512:CF3CAC1636A7A80E3C62EDDE2F5331431E06D57F3D267D758BD3A3D560218402543091D16D0AD4AEBE1C862928A182A64A5D97C2481AE6C8BA02507317DF9290
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=0d3184baadd25544b9ede9ac16431accd8ba85b7, not stripped
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):10894
                                                                                                                                                              Entropy (8bit):5.071276698955684
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:ux62NwksYRXi3oaKoe30R5qFxBxTOD44ieMOImuiYGGoXBTE6A9ighVKdPO:H/hbKos7xBo4DOImvEdAGeO
                                                                                                                                                              MD5:8A7574C4F327D70B144C92C126870C34
                                                                                                                                                              SHA1:738A5C3F21A61C7DB0542E8D0715500B5AC1790E
                                                                                                                                                              SHA-256:BBEC792801A81F7521F27FD872C9E1A2CA19456525A4E201E81A0F19776D0E0E
                                                                                                                                                              SHA-512:A63C649565B0A8E5E0F12D5036A20B0479FF0FD42563297C1078017942212A4808A49F59B531030060521912132FA05E230C7997D480AAE66C8780FEFEB11402
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, with debug_info, not stripped
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):14679
                                                                                                                                                              Entropy (8bit):4.350735562177646
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:RQlhmShdvgpN8FPVuQLjZQyonXaoFs26LK09a:y3tBoQ2qt2j
                                                                                                                                                              MD5:D28409795FB3212DC5621A680388AA8E
                                                                                                                                                              SHA1:DE217E7DDAD46347A21C1E0684A9A044C87256F0
                                                                                                                                                              SHA-256:D08B475F3E40077E40BF949DB73DE4836C0318A7D4CFBE310135F445AE7403FB
                                                                                                                                                              SHA-512:D9E886AA9F32E1D1343CD09EE43CEE4ACB7C1E62ACA1DCC27A46BCB7D2ADC5942B812B31CF8FB1107B4054BBFCF9AD78C78625B038EBC8F183EAA146C1FC0DDC
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=4b97def7328c5ced5eaff796c3e6ba3ff532c45b, not stripped
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):14344
                                                                                                                                                              Entropy (8bit):4.259963884841952
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:BYOBWBhRXi3oCj/HE1pt6vRcNTLFe+Edbpr6ng6g2YywItBjH7iBSN+HR8V:z8sb/HEbNTvabprzl2YTG0T
                                                                                                                                                              MD5:7D1547979BC4100F953BCADDE660FEB2
                                                                                                                                                              SHA1:EBDC6F495DEEA51E8AC9604214B5F9EF3380DAA4
                                                                                                                                                              SHA-256:1891ED1FBEDF1AFFF0C9A16919CDC8EBFCB6EAD6D4AC6DAFE5E2808B667CD56D
                                                                                                                                                              SHA-512:6E57ACF344CE8A076C5574BD2212C87075BAAA07B124995A35D6342729B9F7CD261934EC532A12BC91111D17F31B895102F9434793DDC10BE94DCCC8A02A53A7
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Mach-O universal binary with 3 architectures: [x86_64:Mach-O 64-bit x86_64 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|WEAK_DEFINES|BINDS_TO_WEAK|NO_REEXPORTED_DYLIBS>] [i386:Mach-O i386 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|WEAK_DEFINES|BINDS_TO_WEAK|NO_REEXPORTED_DYLIBS>] [arm64:Mach-O 64-bit arm64 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|WEAK_DEFINES|BINDS_TO_WEAK|NO_REEXPORTED_DYLIBS>]
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):125239
                                                                                                                                                              Entropy (8bit):3.6990204799796764
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:0DQjBdspdqsJYEa1DnEyYsP3a1DnbE+sV6l7HeFgW6a1DnEr:0Eraza19X3a1u6lEJ6a1u
                                                                                                                                                              MD5:0A4AC2CC7A3C46C036CBBD8A79FDA72B
                                                                                                                                                              SHA1:D5DC6C3DD7D94EF85DDAEE7C8670C38C1E0E1F66
                                                                                                                                                              SHA-256:3ED83BAC9E0A0756DD4D15EB43A8428FDBFF16D3D6094E8B832E8F1C0B1FF312
                                                                                                                                                              SHA-512:78C593BD8BA9903224A9332A7A85418ADD613F0AF7CB15866D38F257772B395624882CB815F516D25D1115F41118383708BF1CFBB78D0166A6B7A38A0127B2CB
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=24c49cfad556ec10a11ff1f76fa38837f11eedd4, not stripped
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):15023
                                                                                                                                                              Entropy (8bit):5.302339107549136
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:8Hi5J8paQnPKVQ30G2IBA6jaqTH9BOULqeeUc0R65kn7ZDfa+zw7qZdbr:8C5rkPKV4VLBO1/UHnTzw2n
                                                                                                                                                              MD5:8B22D148E8A3E9ED697C534FBB66E9E4
                                                                                                                                                              SHA1:A57406A296D8B6307AE8ECC3B725B3751BD8B21A
                                                                                                                                                              SHA-256:91C627A058DA27C708734D7BD8EFC26BF83F457C8672A359254A30F74AB555EE
                                                                                                                                                              SHA-512:CAF1271CBC765E1E32B23BEA7B1784E3E4AD34C633676AF641E3711D4B5D482E4D59DA8E816FF57C85BF08617F74A2C6C19F35FC318289FA1FC66F3F76F8F359
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=b08c12adf7a6eecd96eea4500533b4d34bb63e7e, not stripped
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):19789
                                                                                                                                                              Entropy (8bit):4.439074951618062
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:BiCvZ8pSGXfL4kylrLBWx06tu1KxlQGf7b6vdbr:BlvbGMTcxhyK7QFR
                                                                                                                                                              MD5:46A3B2B7E086D5A1B428DE3B73F2E6E0
                                                                                                                                                              SHA1:9A28F769D00E5D8B9F7769FAF6AC9DAF3F2DE475
                                                                                                                                                              SHA-256:38D84B088D404FD6C637F08B1842C0419766DC49F077D3207E12594C1ACEE9F5
                                                                                                                                                              SHA-512:7BCB0B2CA1D115C43D57C6C627CD5C17779A9F73173DCE49A6D2630DC42D5A485F86A879F1040051C782748B93F39A7B6F1FDFBF5B9B0196736B16E2CE17493C
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=ea09cded1d8d1d6025689fce403d99330ccb7f20, not stripped
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):17392
                                                                                                                                                              Entropy (8bit):4.986903728026284
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:kMv8pSaLUL3GPX3Qgc2qKXxhM0+PXDze7K8QN9wuaZNnf2v0Fdbr:kU6UTGfgg9PM0+PXDzeWNNWZNhD
                                                                                                                                                              MD5:4103582749B953A29BE4EF600359A76A
                                                                                                                                                              SHA1:C47FC1FBBBBBD0321676213A6C98EB220A0113B9
                                                                                                                                                              SHA-256:D2794E35B6B1583797A81CE19908390EE0F10647A276121223784662B9B76642
                                                                                                                                                              SHA-512:91A044FF0CD7BB98110FBFE43A9748EEFA1133AB5722475F2F70A29A013A356D94B5C4A851741A57ED74F67C3A70FF4B0A5DFE3575385E8CDBC5804F21954DC2
                                                                                                                                                              Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
File Type:ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7ce88aa9e4ad542ef7acb6308b4b39138a05905e, not stripped
Category:dropped
Size (bytes):18977
Entropy (8bit):4.73012923975088
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
File Type:ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=7f15c3163e8d4f99f231f4376e7bdd2506d6dab4, not stripped
Category:dropped
Size (bytes):14797
Entropy (8bit):4.903435914064741
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
File Type:ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=59062dd60176c81290899b73d214b2e79e23fa1d, not stripped
Category:dropped
Size (bytes):20093
Entropy (8bit):4.223197742934833
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
File Type:ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=983af6c747bb1f6190a4784faa9972be761323a2, not stripped
Category:dropped
Size (bytes):17580
Entropy (8bit):4.768157109489257
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
File Type:ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d939c78b1a97fb52b3bdf9f1354ca0d209a25baf, not stripped
Category:dropped
Size (bytes):19352
Entropy (8bit):4.431011588586782
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
File Type:ELF 32-bit LSB shared object, ARM, EABI5 version 1 (SYSV), dynamically linked, BuildID[sha1]=89d29057f4380122032b0f58cd14fcbabc138d65, stripped
Category:dropped
Size (bytes):1037968
Entropy (8bit):6.1425832917819525
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
File Type:ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=1b22c3fd3aab5963a88d50dbe64e8ed98ac20398, stripped
Category:dropped
Size (bytes):1182112
Entropy (8bit):6.274424924381429
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
File Type:ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=053f1bb5e7fd9862400c09b65450800fef1af96a, stripped
Category:dropped
Size (bytes):1377844
Entropy (8bit):6.410081013553587
Encrypted:false
Malicious:false
Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
File Type:ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7289b06ab84351098a1a9d22698830a3601537d1, stripped
Category:dropped
Size (bytes):1284424
Entropy (8bit):6.052011079108358
Encrypted:false
                                                                                                                                                              SSDEEP:24576:7MQsXYgQPC4QM0s5Ry+l0C4btLFRdsR61TdFwa4WCPTOuOuRgNaDjGmQmmGmGnr+:7uXYgQ9l9RyEkRdsR61TdFwa4WCPTOuK
                                                                                                                                                              MD5:5245734608D4A94439A59FE99403AA9F
                                                                                                                                                              SHA1:86162F14A00ECD05738FC946309849059AD62146
                                                                                                                                                              SHA-256:3D889CFDE9F4244E5E9E97EFE6D5FE427C9B8AF0F10AB1EE66DAE3E4F3C2077A
                                                                                                                                                              SHA-512:FEBEFEF4C3AF2A5594E463C23FD39450A9E3E5AB6CC69687BDB25CE47FD1368A3222FFA561899B8AA7610BED8145E2742B59DF1A2DCE8BB45C80852DDD9D2A74
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Mach-O 64-bit arm64 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|NO_REEXPORTED_DYLIBS>
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):82976
                                                                                                                                                              Entropy (8bit):4.14303357236509
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:4pTFE8KPyJ6H9QGPjtQ2uZiuhjW9mcSoezVHxAIDFnboe5ud3y/qtLaXvaB:ChbJKQFW9mcSoezVHxAIDFnEL3LtLv
                                                                                                                                                              MD5:F0A492B6686EA4975AD89D2D3E8FE024
                                                                                                                                                              SHA1:56EE84A0FCF9D2A8E4248ECC264CD25DB0DB4C09
                                                                                                                                                              SHA-256:EEAB239157837163A17D43563BAB90C39869EDA1F94B8FAA2CA67880E65D68AC
                                                                                                                                                              SHA-512:E089D4918D9032E1B0B4F2395640155955F747360A68E5852BE864421A32ED2DB894A6F127E2F61BFCA51487F8B27724B706F5F31C3CCB94429E46D5D2289A7D
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Mach-O i386 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|NO_REEXPORTED_DYLIBS>
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):48264
                                                                                                                                                              Entropy (8bit):5.160409787073643
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:oAoIi2ie+nKFHA2bqbOVs1o6kkW92bHo2n:AYuKFgPyVs1o6/I2n
                                                                                                                                                              MD5:799475D2756C2E876336FD75B6EB5F4E
                                                                                                                                                              SHA1:9962E738234DB589B58D6CD7899DEF9A16A95C32
                                                                                                                                                              SHA-256:7524E215283058A603276D1904069E1BCB55684EDCCEE64EAAB65BE0C0BF8644
                                                                                                                                                              SHA-512:77323503DF77836947FEFDDBDD8C6D9248198E596E4951C0B06A7FA47BF4AD786553F8FC72A1837694C9857F4DDD112B75CC0C17811FD9A05CE4DC9DB50858A1
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Mach-O 64-bit x86_64 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|NO_REEXPORTED_DYLIBS>
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):48596
                                                                                                                                                              Entropy (8bit):5.1307808791821445
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:awUJhaxWNlEeCCc2E5D/kif5MgZuo6BTlnhelkHACT0bH0:i7NlEeCCc5bkaTuo6/gCTsH0
                                                                                                                                                              MD5:00EC4A8DA3446338AC75C28BDB9422E3
                                                                                                                                                              SHA1:B9C27C37D2436852861DF59F505E0F1C16615909
                                                                                                                                                              SHA-256:F4935B47A7325043B921F0A11DF4F73C25BEE708F70D5D04C31FE75B947284D3
                                                                                                                                                              SHA-512:05EBCFBB2780DD87B30E69126D8BB2C6F9F299F4B38AF506B9D72B01A2AE328470DD53521567BB55F0D4496A5AD62F23622493DEC2E04ABB9B2C9E7975A22790
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Mach-O i386 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|NO_REEXPORTED_DYLIBS>
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):53240
                                                                                                                                                              Entropy (8bit):5.334394277799203
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:5ECMoCoHJbbxMwiXOCZZve+WcZvLCCbQrSoezVHxAIDFnboUkr8I5Yp:DrH/EPmhcJLFbGSoezVHxAIDFnEP2p
                                                                                                                                                              MD5:62D5A28E91D53BA9C3F0F2F724F0DE7E
                                                                                                                                                              SHA1:5FC63AE71388F1E9D6062D0029BB7EC1EFFD67C0
                                                                                                                                                              SHA-256:B4CFCE124F113273F97D390B022F7CEEB9157C890951AD07277D1925C50FE1F4
                                                                                                                                                              SHA-512:E232AB10B79278104B5D46B41CDEC40461D108ED6D1A422ECF34527E508EA14258CA32A7C1B0D160AAABFB40D1FF5A204126655031137672E0A33FA3B64C1B91
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Mach-O 64-bit x86_64 dynamically linked shared library, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|NO_REEXPORTED_DYLIBS>
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):50832
                                                                                                                                                              Entropy (8bit):5.529104520183272
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:e9jSxSTZyaPkte15iRj2mXSoezVHxAIDFnboxTlxM6VSwbV9TELt:oTZyaPh1cj22SoezVHxAIDFnEgegLt
                                                                                                                                                              MD5:9B45305D59482C723E9ECFACE029C2AA
                                                                                                                                                              SHA1:51FF4D4B8074C7557BC33EF3D8EBCC24EE24505F
                                                                                                                                                              SHA-256:98DC1B4BBFDCD7CA8B26659771A8A4319DCBCC3E3F6F54EE28DC246B8C68CF75
                                                                                                                                                              SHA-512:7D89E6A306B0F86DF40E6C2FCE84D66D3F88EE7DA4E213F5E8FDB9029BB1AFCBDECBEE563CDBC7C6E2CC170D87850CBACD741748DA91F4E530F58C23503F44AD
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PNG image data, 300 x 199, 8-bit/color RGBA, non-interlaced
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):48996
                                                                                                                                                              Entropy (8bit):7.98911353514533
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:PH6LCpLFCNXKk4Kci6lNXi4aJoyAeCWf1MePs6vil+i0kBrgAn95Drw+ViYmXkjM:Pa2DuklNS4aJTLf1Mss9hNxgAnHBVJCD
                                                                                                                                                              MD5:5A45F8CBAB673E58122665ED3AE811B4
                                                                                                                                                              SHA1:0CC0D5A984C7B731061C16812F1D6192943880C3
                                                                                                                                                              SHA-256:E66CACA0E342FAF63662BA5A9C1E89C8579B9E1DD50521A62170792CD3483DCE
                                                                                                                                                              SHA-512:5E3EBCF1ACFD8D20C38C02D4C9574D1C976B70AF19862AACE2DF2325A614A4F7805B7FC69F9714D4B2FE012FA1938A7BA99CCE125EF116B79BC214297DFA8B64
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):155680
                                                                                                                                                              Entropy (8bit):6.860613706831841
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:RJy4rcuFyICsnUL/DbBqdLufa4jggZKDTty0ACNJhACN7MACNJyACNJTACNIACN6:RJLIufC/DbsMNKDTty0FlFmFWF/TFGF4
                                                                                                                                                              MD5:E6D42C11F69732831860A5EEEFD510A1
                                                                                                                                                              SHA1:2ED5ED3AF36F5D9F4F98CC0A1FD8D68D11763FF2
                                                                                                                                                              SHA-256:681660E2A0B47BB4A54EBB953898A6C516A0BCCCF2005D89B3188FB458A4B796
                                                                                                                                                              SHA-512:DC802F2A6D3C6F685380DB2A325B1FE662F5C4EA3448E4EBFA9ED40B9D6B15D2141534DBA2D7C2E787F7A5DFC78797C7B7FB112B8C0C0FAC3741D713F39B9021
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Mach-O universal binary with 3 architectures: [i386:\012- Mach-O i386 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|NO_HEAP_EXECUTION>] [x86_64:Mach-O 64-bit x86_64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL>] [arm64:Mach-O 64-bit arm64 executable, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL|PIE>]
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):83491
                                                                                                                                                              Entropy (8bit):1.1362944712501635
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:B5HCsKpcEqHlyCAEtUtPqSh4HyQe6ux5eLQqfwyj3:zHxKalQnEtoh4SQeLOT
                                                                                                                                                              MD5:FADA5F3DAF579E2076C0A19FE66A8AF0
                                                                                                                                                              SHA1:8D23D531A728A2AACB158ADCD4E8A1C5BFC60288
                                                                                                                                                              SHA-256:8A1BB52D377BCEE8C19712DC500D685CFB02859E703436C77E41DA86EA08B923
                                                                                                                                                              SHA-512:505029C1C60C0701EF008CDD22A7F0E50A53E5279A4E12CD07631BAED21B3BAC3CDD23C69062AD0B31D518AD8979A74F669C8D658FF6D10C6DAC6DC9B1DAEB4F
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):179544
                                                                                                                                                              Entropy (8bit):7.391459909684556
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:M9PL3SF2lnnI5CHSjE6/Q9rrM0rrV9r49rU9r09r/trqtrrFyFt:+L3SF2lLHSA6I91Nuye9EFU7
                                                                                                                                                              MD5:D4056204BF0D116AAF2549BC711DE12D
                                                                                                                                                              SHA1:1BB721336A2CC70852BEFFC1F6F8E09EC8EC4863
                                                                                                                                                              SHA-256:E0DAF41E7A7AFA11E1331CFDF9EF4242C8BD0A661EB8191FF8621F5759235F5C
                                                                                                                                                              SHA-512:CF0CECE5DBDCAB445B8AA43AE179C136D8925A4C40BA6F5A499D6E3182F1F05FF2C8A9D64BD38D709BD47951E70505E964A4654AE37558A995BC5DC1C3419CC3
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                              • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.2.0, stripped
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4201
                                                                                                                                                              Entropy (8bit):4.529965685444786
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:fjB5NQRI5T3KEAzkfdR9EJLV2AUEqoeerrer7t88iAUfZ6cLZzqXoHsnHc3N:fjB5NQGRKEFFRa/HqdAZ6CtqXoHsn89
                                                                                                                                                              MD5:8F4229C6CB9A85E0B7D920DC59F8D2B8
                                                                                                                                                              SHA1:7ABC79FE2BEED94157F75D6749CB6B580278750A
                                                                                                                                                              SHA-256:41E033CE02975BE4776D49F10ED7C4A08CFDB65781C16EEB6EF8053557BAF0F5
                                                                                                                                                              SHA-512:53625701512E2366CF49DD0EB80AC31650C679F35B39CF99CEC7822741D5081ED320FE5614A8BBB16696A6461B655A88921AD53F5E4DA48746910FB0F9EDD2CB
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                              Preview:.ELF........................4...........4. ...(.........4...4...4...................................................................................................0...4...............................................(...(...(... ... ...........Q.td............................/lib/ld-linux.so.2..............GNU.........................................................................................................................................................................................................T.......................'...h...........-......................................................6.......;...X.........................................A...................x...........N........... ...b.......l.......o........... ....libX11.so.6.XCloseDisplay.XRootWindow._init.XQueryPointer._fini.XScreenCount._Jv_RegisterClasses.XOpenDisplay.__gmon_start__.libXfixes.so.3.libXext.so.6.libc.so.6.printf.strcmp._IO_stdin_used.__libc_start_main._edata.__bss_start._end.GLIBC_2.0............
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-armhf.so.3, for GNU/Linux 2.6.26, BuildID[sha1]=507685fb8feca3723270b8ae80547d48f9b62d70, stripped
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4135
                                                                                                                                                              Entropy (8bit):4.292421294736594
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:oUjrxt5zZlO1xBpL00OrXKQxMhZwOZyOV27Elt8EXAOXI0/al2e/X:5XxbExL+2Qxo2OZyt7ElvXI1l2IX
                                                                                                                                                              MD5:D27AC5186A97F7BAFBF01F7CA53397AD
                                                                                                                                                              SHA1:211E7F2B78058D49474AD7A8BCFCA8A0BCD83BA7
                                                                                                                                                              SHA-256:37B4E5D984B9B37DE59C29EC5B3AD4A3D411D334B1CFB83BB8B2980875AA4194
                                                                                                                                                              SHA-512:5B1AE27F98C964F83FDE14519E6F20AD196B917B85E7F1069F6BDD11ACFD97A04086B39BCAE2AF741264C5DF81FC6E8910CF3558771F09E240944C12AD0BBF68
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.0, stripped
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):6137
                                                                                                                                                              Entropy (8bit):3.548122261886767
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:GMTlAgEM2IlJ176lstScR94vs2Tk9azneUCB:GM5AgEM5JIcv4vs84
                                                                                                                                                              MD5:63F0125B81804B57F8DB4157B976FA64
                                                                                                                                                              SHA1:26ACCB2F7ED0FB46977E74C3D8C6929154E48255
                                                                                                                                                              SHA-256:C007640ADCE86240954BE49AA57634D60BC5DF6ED3912A38224A665EB555CD78
                                                                                                                                                              SHA-512:9B0DC1B4C8EE10014BEDDA43BE1B4B26F219369A1650716866C71597F7E1C19581062CBF5B21A057312E697EEB4316ECF020023A06F07164F678262730060110
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              • Antivirus: Virustotal, Detection: 0%
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ELF 64-bit LSB pie executable, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 3.7.0, BuildID[sha1]=431f525625c5beb4fbfb109a08b2d73fdc6852ec, stripped
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):6192
                                                                                                                                                              Entropy (8bit):3.4472228175949953
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:y7U3EB+BtTpFh6hSaANDCs8rDc3MLcT6Lca9yt8nsjd0A28ZJa79:y7FB+B9h6hK+rEij4acSAG8ZJa79
                                                                                                                                                              MD5:669C99D4FE8392182D713840B78C3AB4
                                                                                                                                                              SHA1:2C94ED335CF7AB85761056562588A842214C93DF
                                                                                                                                                              SHA-256:DB837AFF5CC099281D2BC82B5FFF6E2CE6327E9AC8BB6B8BA1DB32DDB653E72C
                                                                                                                                                              SHA-512:DC83CEF921E07F6D86BC442DF3E0976FCC7E5DE6E37AAF7BFB777045A4DD0B14069345F59897051C1A3654DF0CB022DEF72BADC3246520EEC7D403827B1C65FC
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):79144
                                                                                                                                                              Entropy (8bit):6.589693242148884
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:WxfqwmAlBaGbgVVlHXvHqf1B78bCP0DrRcSIq0ti+pWi2kNlTiPpWi2kNlTyEL:af9mWsvHqNOCPqW3ti+ACNiPACNxL
                                                                                                                                                              MD5:CECCE6931ED84AB2ED40F8E5DECC4251
                                                                                                                                                              SHA1:35C7054D48E22DCA205A3972781CE8258D27A7D5
                                                                                                                                                              SHA-256:56D80D5FC71D84B0B5106D65962ECC080C6677B18E7775907B884494AAB83065
                                                                                                                                                              SHA-512:3432E11055197F2FAB4A09FB02FA80C7D61FB286BF9CEC9292405DAFF5EB2AAE296167ABC008B21B368C61E2FF12425639725DE273DB036A8A4BFD397D853F18
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):86312
                                                                                                                                                              Entropy (8bit):6.5151975592149105
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:6YEl5cHVzffe7LXUj4SFyoBrUL3XXTACNFACN6/:6Y6KHVzffe7LXmF7BoLHXTF/F8
                                                                                                                                                              MD5:7B2761CC6ED64D67C359E4646FFA46AD
                                                                                                                                                              SHA1:94547208C2DA3FE8FE47881C1351A1DEBB0E1D4E
                                                                                                                                                              SHA-256:6A979BF308BACAE11F62C84A0AECB36823CF0B47ECD47F67A41BB66DD5A55078
                                                                                                                                                              SHA-512:07334F8F69E9CA1BB6373D94E92DD181FEA2FBBCE9CD2BC8DE2FA7D338E096B423946E6E621502EF2FF1FAD1F73EE20E17B3D9D31FE62F83D4063FA1B90CF60E
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):215245
                                                                                                                                                              Entropy (8bit):5.311440994454596
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:KuA4CNFYL/lQYXJS9/4KwKWevH+QrGjmv/m4K/5Qzi+EuEna6tVwTYi8L2E6LGcJ:1A4CNFxV/KjeqnrtOYmEWURtcX
                                                                                                                                                              MD5:D9E28C4590DDBB77E5C41AF8AC83B7D3
                                                                                                                                                              SHA1:6209A64196AC4F7DE2CDC8FFB72F7851145D5B65
                                                                                                                                                              SHA-256:1864ECCECC32DF05602BBB246DFA83B63C84D4751240A4C3A3EB0BB4D8E7D317
                                                                                                                                                              SHA-512:284525249517CA3ED6BA67E33E5C9E76967AD42A4E67786B921B028B54877615CD4AE462D2E46775D6D7B912372192039262B1D87098CA9DF202205C37698663
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.########################.# DO NOT TRANSLATE.SIMPLEHELP = SimpleHelp.SIMPLEHELP_HELP_VERSION = SimpleHelp v.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.########################.POWERED_BY = Leveret af SimpleHelp.POWERED_BY_TECH = (Supporter klient).# Tech Client Login.SERVER_USERNAME = Brugernavn.SERVER_LOGIN = Server Login.SERVER_HOST_OR_IP = Server Hostnavn eller IP.SERVER_PORT = Server Port.SERVER_PASSWORD = Adgangskode.# General.Company = Firma.LOGIN = Login.EXIT = Exit.CONNECTING = Forbinder.CONNECT = Forbind.KICK_USER = Afbryd.TERMINATE = Afbryd.KILL_SESSION = Afbryd.WAITING = Venter
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):234166
                                                                                                                                                              Entropy (8bit):5.315220143568042
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:ikaVrUB/CPTfrmAV9MD7FzMRNBgWKI4UJbObvKtwa28:ikaVAFzVGwa28
                                                                                                                                                              MD5:13EA68A15A63CCD7F64516476BBB8A0B
                                                                                                                                                              SHA1:1FCBE2CA4207F410BBF71C7784C00C4718E65121
                                                                                                                                                              SHA-256:813C5872E299449BCBE46697003F1CC728660D9259AB7A4D4B24F3033DC1E64A
                                                                                                                                                              SHA-512:F68E7CA644E354AD13D51DF41BE63C878286CE028700CCF6113FBD9E9F919CF54E4A8E159B9AC2100BE5B758D91D0E43A97097D77F0A24AA012924393F2E3F00
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File - German.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.POWERED_BY = Powered by SimpleSupport.POWERED_BY_TECH = (Techniker Client).# Technischer Kunde Login.SERVER_USERNAME = Benutzername.SERVER_LOGIN = Server-Einloggen.SERVER_HOST_OR_IP = Server-Hauptrechner oder IP.SERVER_PORT = Server-Port.SERVER_PASSWORD = Passwort.# Allgemeines.Company = Company.LOGIN = Einloggen.EXIT = AusgangLizemz.CONNECTING = Anschlie.en.CONNECT = Verbinden.KICK_USER = Beenden.TERMINATE = Beenden.KILL_SESSION = Beenden.WAITING = Warten.CONNECTED = Verbunden.OK = OK.CANCEL = Abbrechen.ACCEPT = Akzeptieren.REJECT = A
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):216899
                                                                                                                                                              Entropy (8bit):5.240025743986884
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:Y69qsnCk4aoCw6Nl/KfmroAE+OVmdDc8bhXaTRrR3o:DqcFYrNo
                                                                                                                                                              MD5:E4B3483826661C3D5430379904E4465C
                                                                                                                                                              SHA1:84A87C610DE3D618BA9B399E1A06674A589ED8FD
                                                                                                                                                              SHA-256:E2AEFD0B08FD3D8F2D4B2F9F941CD4D19D8855A3602D7B7806BC0ABD192192E4
                                                                                                                                                              SHA-512:57AB86269823D48CC5CA39E3BFA2E4C3F6D6B8292DA2B34050077936784F852EE9645B1088975BB3840FA48EE413BFE73ED65E2CE59650B5BB2793BA18003921
                                                                                                                                                              Malicious:true
                                                                                                                                                              Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File - English.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.########################.# DO NOT TRANSLATE.SIMPLEHELP = SimpleHelp.SIMPLEHELP_HELP_VERSION = SimpleHelp v.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.########################.POWERED_BY = Powered by SimpleHelp.POWERED_BY_TECH = (Technician Client).# Tech Client Login.SERVER_USERNAME = Username.SERVER_LOGIN = Server Login.SERVER_HOST_OR_IP = Server Host or IP.SERVER_PORT = Server Port.SERVER_PASSWORD = Password.# General.Company = Company.LOGIN = Login.EXIT = Exit.CONNECTING = Connecting.CONNECT = Connect.KICK_USER = Terminate.TERMINATE = Terminate.KILL_SESSION = Terminate.WAITI
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (315)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):235027
                                                                                                                                                              Entropy (8bit):5.219843432808848
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:2WjIv6aOALSm+eBP0KMf4PMLmu+KsgnYd/155H15NLR13NqI0x7vF:vj7wu+wcLRJ0H
                                                                                                                                                              MD5:A45D7E08349A42329A3F9447F490FED2
                                                                                                                                                              SHA1:00573D2299D4C6AD9F15FB27745269337565A9C2
                                                                                                                                                              SHA-256:706389543C412990812745BEB9C8EC5A70FCB3B0F94C12B9FBF1E6D8DB2E371A
                                                                                                                                                              SHA-512:61F32E6E3B8A600F99B01A98297DAA2DFB24E8548D01121E9EDF3B5F155B32D9E3443C944AB096DD2980D773393781EE1B654071B73562A49216BBAE5ADD51CB
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.POWERED_BY = Provisto de SimpleHelp.POWERED_BY_TECH = (Tecnico Cliente).# Tech Client Login.SERVER_USERNAME = Nombre.SERVER_LOGIN = Servidor Conexion.SERVER_HOST_OR_IP = Servidor Nombre de Dominio o IP.SERVER_PORT = Servidor Puerto del TCP.SERVER_PASSWORD = Contrase.a.# General.Company = Compa..a.LOGIN = Conexion.EXIT = Salir.CONNECTING = Conectando.CONNECT = Conectar.KICK_USER = Desconectar.TERMINATE = Desconectar.KILL_SESSION = Desconectar.WAITING = Esperando.CONNECTED = Conectado.OK = OK.CANCEL = Cancelar.ACCEPT = Aceptar.REJECT = Rechazar
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):242677
                                                                                                                                                              Entropy (8bit):5.269203032764692
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:I0kp9lPhiTTZaVuLCn/irMVpV3Sg9AnOPUl2Us+TF5NBHCn:I0kp9lPhibC/dMlpFHBHC
                                                                                                                                                              MD5:01D3A06E92F2862FA3CEE820B8ED821A
                                                                                                                                                              SHA1:D08E6F017B03CEC105B5E063DC5558E2C571EE95
                                                                                                                                                              SHA-256:28ECD630F1EDC0FB459DE65810BA7FD073F2FFF669C3B7A84E8FAC2BCDDE54F6
                                                                                                                                                              SHA-512:12317066A1B3143C5E50E92279C4B8498F857A383D05E95CC95DE8013826A4A3B25C4F4AA2F84BA63D2C154B2D74BEAFD9DBA05B5C9C4B0DD35D16A1309E559D
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File - French.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.POWERED_BY = .dit. par SimpleHelp.POWERED_BY_TECH = (Client Technicien).# Connexion Client Technicien.SERVER_USERNAME = Utilisateur.SERVER_LOGIN = Acc.s au Serveur.SERVER_HOST_OR_IP = Adresse h.te ou IP du Serveur.SERVER_PORT = Port du Serveur.SERVER_PASSWORD = Mot de Passe.# G.n.ral.Company = Entreprise.LOGIN = Se connecter.EXIT = Quitter.CONNECTING = Connexion.CONNECT = Connecter.KICK_USER = D.connecter.TERMINATE = D.connecter.KILL_SESSION = D.connecter.WAITING = En Attente.CONNECTED = En Cours.OK = OK.CANCEL = Annuler.ACCEPT
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):232035
                                                                                                                                                              Entropy (8bit):5.184561521854242
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:45gTAzTV66uU4vN77jFCMzjKx0Z8EtktYcJwYKvszf:YzUdv8
                                                                                                                                                              MD5:9329D562181CD3E575FDA48C92BBD922
                                                                                                                                                              SHA1:1DF9DF555AB9808D539103846D4BF979C3411EDA
                                                                                                                                                              SHA-256:5636A90FE3F7E6F46211A914721E6E89E16FF2A72AE0E7DDB3356961A7E0B45A
                                                                                                                                                              SHA-512:EA7DA25017925B2959A08CE16BF6A9887008ABC627728AD8B29324F5B3644186CA7B4217BF320128F530C3ED722D760FA953FC211BD24044AF8EDCB81EA5B31A
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File - Italian.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.POWERED_BY = Powered by SimpleHelp.POWERED_BY_TECH = (Client Tecnico).# Tech Client Login.SERVER_USERNAME = Nome utente.SERVER_LOGIN = Login per il server.SERVER_HOST_OR_IP = Hostname o indirizzo IP del server.SERVER_PORT = Porta del server.SERVER_PASSWORD = Password.# General.Company = Societ..LOGIN = Login.EXIT = Esci.CONNECTING = Connessione.CONNECT = Connetti.KICK_USER = Termina.TERMINATE = Termina.KILL_SESSION = Termina sessione.WAITING = Attendere.CONNECTED = Connesso.OK = OK.CANCEL = Annulla.ACCEPT = Accetta.REJECT = Rifiuta.RE
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 text, with very long lines (305)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):226220
                                                                                                                                                              Entropy (8bit):5.233290818582553
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:KIyJhoTNU3m0u/uHx85sZHUXHTL7W2Ra59FB6pr0iP1j/aEvlYVND1Nr1Izr2tV9:vGbc5GiP1jBlVasrNzrJ8G3K+TgjIM
                                                                                                                                                              MD5:3365EB8CBD8ABAB73EDF2D60CF15398E
                                                                                                                                                              SHA1:EC96024C80064B3573F2FF864B30FD2BB84ACE06
                                                                                                                                                              SHA-256:C1F3CABC945E03F993B5E04A1E79AEF12A939614CF0262323F574F9BEFB40E70
                                                                                                                                                              SHA-512:7BCD015A18E50532CAE1973D6587CC9D6DEAF9F9527AFFF4C32FED5F849C7E0CE63A69399F4CCD4243D8491EDCCFEEC080FF148F9B3664555B343BD9E1E94E74
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File - Dutch.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.POWERED_BY = Realisatie SimpleHelp.POWERED_BY_TECH = (Helpdesk Client).# Tech Client Login.SERVER_USERNAME = Gebruikersnaam.SERVER_LOGIN = Server Login.SERVER_HOST_OR_IP = Server Host of IP.SERVER_PORT = Server Poort.SERVER_PASSWORD = Wachtwoord.# General.Company = Bedrijf.LOGIN = Aanmelden.EXIT = Sluiten.CONNECTING = Verbinden.CONNECT = Verbind.KICK_USER = Be.indig.TERMINATE = Be.indig.KILL_SESSION = Be.indig.WAITING = Wachten.CONNECTED = Verbonden.OK = OK.CANCEL = Annuleer.ACCEPT = Accepteer.REJECT = Afwijzen.REFRESH = Vernieuwen.PU
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):233015
                                                                                                                                                              Entropy (8bit):5.29031953243118
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:7goIk/KIC8Jy3IQb0YexAb3Txm1noBGh0YXcDQrtwdAUKO4ShqFnfVfvHLvljx:8oIQ1oIqq7vrNjx
                                                                                                                                                              MD5:AA82474D04897DDC092FEC4235CB86C7
                                                                                                                                                              SHA1:42E52D70A72FEE18CF89568D9CA61248ECB26597
                                                                                                                                                              SHA-256:C11845282752EEC46901CED02FB7D016BCBCED1A95A0FBC371BBD07BE9F11AE0
                                                                                                                                                              SHA-512:3604288BDD126C9B104992C8C36508181ADEF7678D3BAD027F6477E97430C65B8B72A1609FFA1357DC3890D212F9D0A5CEF4D094464E6D6E14D4CB137A8C21BC
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File - Portugues.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.POWERED_BY = Produzido por SimpleHelp.POWERED_BY_TECH = (T.cnico Cliente).# Tech Client Login.SERVER_USERNAME = Utilizador.SERVER_LOGIN = Servidor de Conex.o.SERVER_HOST_OR_IP = Nome do Servidor ou IP.SERVER_PORT = Porta do Servidor.SERVER_PASSWORD = Palavra-passe.# General.Company = Empresa.LOGIN = Conex.o.EXIT = Sair.CONNECTING = Conectando.CONNECT = Conectar.KICK_USER = Desconectar o utilizador.TERMINATE = Desconectar.KILL_SESSION = Desconectar a sess.o.WAITING = Esperando.CONNECTED = Conectado.OK = OK.CANCEL = Cancelar.ACCEPT
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):217363
                                                                                                                                                              Entropy (8bit):5.371991557783809
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:KDP4/mxznPfWGjuY/jjHUZHqW76tvshbHJ6+l+H6LQUYWU+0Sx/2fHL+lDAAhDrJ:o4/SuqwV6shvhuPL+yYrZrVROnYR
                                                                                                                                                              MD5:0A7F5E03426A22152416B67240F78101
                                                                                                                                                              SHA1:56BE521DE9960BF69902F40CA1D3F92E22AFEF72
                                                                                                                                                              SHA-256:331CE6D61A333B6EBFD0C9F3B46E25A88EC17960EBF1FE4BDF72CBA99111C0F6
                                                                                                                                                              SHA-512:10503E5F3645EC024C9C84C6C9B4D1EDACAEA497F6266BF0CD9323B0D8789EB3E182C628E3ACAAAB21ACD206985FBE0E57E446BE3AE61E5651834EFCEE0759D8
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:charset = UTF-8.####################################################################################.# SimpleHelp Primary Translation File - Swedish.#.# This file should not be altered. To customise translations place.# altered KEY = VALUE pairs in the 'configuration/translations' folder,.# in a file with the same name..####################################################################################.DO_NOT_TRANSLATE_DEFAULT_USERNAME = SimpleHelpAdmin.POWERED_BY = Drivs av SimpleHelp.POWERED_BY_TECH = (Tekniker Client).# Tech Client Login.SERVER_USERNAME = Anv.ndarnamn.SERVER_LOGIN = Server Login.SERVER_HOST_OR_IP = Server V.rd eller IP.SERVER_PORT = Server Port.SERVER_PASSWORD = L.senord.# General.LOGIN = Logga in.EXIT = Avsluta.CONNECTING = Ansluter.CONNECT = Anslut.KICK_USER = Avsluta.TERMINATE = Avsluta.KILL_SESSION = Avsluta.WAITING = V.ntar.CONNECTED = Ansluten.OK = OK.CANCEL = Avbryt.ACCEPT = Acceptera.REJECT = Avvisa.REFRESH = Uppdatera.PUT = Skicka.GET = H.mta.DELETE =
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):136616
                                                                                                                                                              Entropy (8bit):6.48208955998323
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:rpxPQy6KFzSmgYiZewzxDgu0JDPlRyzsnTERA0Cr4/V1yzB6lhEJACN6ACNM:rpxNXStgDPzUjCr4nyzB6lcFIFi
                                                                                                                                                              MD5:075190B9E9D22995B054D00BAC6D32BF
                                                                                                                                                              SHA1:2C49B7441B27FE857A33762170958AFC72F2AC87
                                                                                                                                                              SHA-256:510221064E8AEE73189621AFBC2CF3E1FC55377D13A20EF5C379EFAC51556FD0
                                                                                                                                                              SHA-512:D83583515D7B4523E26C170016BA57AE62EE64EEF81D3A0851548804EA25A3F004FEADCCA9C365AC26398FFFFCC4971D8B61A644AC810A5CE780F3793B880DE0
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):160168
                                                                                                                                                              Entropy (8bit):6.5191234665690025
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:nwwPgcmFa8t0qeQOS9EGyFwOp27S7OHiZOqSgku3Q2Grp8G62sqJxFrFV:nwYgtaS04El4G7CiZO0m62sWNv
                                                                                                                                                              MD5:36EE3E5CF41FD6F4CB339BC62A469A2F
                                                                                                                                                              SHA1:75AD36162C7513CE74D74742AB3D19474DFB6FC5
                                                                                                                                                              SHA-256:BCEFF8F6F439AE671993233C44E40A9DCC63CBA05D9E43B9F9FDAF39FD20777E
                                                                                                                                                              SHA-512:4FDBDEA505FB8AAA68AB01C87094DDA1CAF3BAA59E006086112B1B99E7E5F5E1E21A9BAD282E6548B182003B6C354C1251AB87AF2E2692214E50E0FE68161816
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):202136
                                                                                                                                                              Entropy (8bit):6.575721516742258
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:aISZX22f4Ut6YCRqcdzUBcMmtNu69P/7CSFpyXzSJLNhkFuFU:atZG4t0MBcbNuc7Cd2JZhko+
                                                                                                                                                              MD5:1065756574431B40190427B3047B4E73
                                                                                                                                                              SHA1:DCF85749BBBDE937E7BBB8774CB9C6B1AFE6C87B
                                                                                                                                                              SHA-256:193E5FC5E00AD5494119B99A9526047839A391BF4998F27E25BA6715AD870473
                                                                                                                                                              SHA-512:3AE69A06162B14CC0C16F6202BF6AF6CEB5286AA4EAF46A8FA15CF88A7F4D84AE017DA10DB2E567E005945EEFFD091C85239D1AE2A5776EB25D7B4BADE76D099
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):235928
                                                                                                                                                              Entropy (8bit):6.527870095210602
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:zYQVqceOGvd9raXEdM5YaT8fiwp4ub+ia6+N5Q4JYrZOqCVUYCP8bCu1aYpypVmK:zYesO4rs5Y4Cv+3yrZOJGybCuRWmNEv
                                                                                                                                                              MD5:80B30E2AD89622349C398EA52287FC93
                                                                                                                                                              SHA1:A006731028AF004F1942B35B6021AA381445B3C3
                                                                                                                                                              SHA-256:C994CBC5FBE807926F38D330DE8BC1FA9A0785DA72A0CA821DDCFC0968130A4F
                                                                                                                                                              SHA-512:DA7D2CAB04CD607CBAC32EB4F930717DB549B472FF58F2DAD44882ED00406B908F445C40EDD5A8C8A1150AB10FA696682B723F77712FED53A96989051A781F7E
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):91520
                                                                                                                                                              Entropy (8bit):6.314490097655163
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:qZ3RVBlbGofPuNP2t7pNLntqkJoY4ACN7qACN9:qVio+Et7pxtRijFJqFf
                                                                                                                                                              MD5:46EFBAD2120884049C6BD795C4EB75D5
                                                                                                                                                              SHA1:6FC7EE38EF6EB20292436201A1B5D4A95639CB40
                                                                                                                                                              SHA-256:010D8DBB0F9AB714EB2BD01BCD394E0DF274C14BB2217DFCC5C1F24CF9F94B7B
                                                                                                                                                              SHA-512:1CE54214CA9A1E4DFDEA20EA15AA64CDCF62113D86A0A77E7DF50918A0268FC75618DB18070CB0EDC2EB6FAECE79503A2F678FA12920B0385C9D0C2518EDCD7C
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):93056
                                                                                                                                                              Entropy (8bit):6.492812378072843
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:uNeDYmcgg/aivQfeHm5ne/7d74kpYAsACNIACNM:uNeDYmci2QfeHm5e/7d74kpYAsFKFW
                                                                                                                                                              MD5:BBACA90E7D1C4605BA4B27E4246F850F
                                                                                                                                                              SHA1:5529A7B5076E2139AFD74160922B9D28E83F3D9A
                                                                                                                                                              SHA-256:F3A610E5E029FF3BAA9333870EBE2D5B644A5E7176DACBEA2B7829636A0FF3FF
                                                                                                                                                              SHA-512:AE647236FBF8B2E281E64F4C1F334176E2184CA847B655B94915F99CA7B8D3000E326AE90E28C43C89BDC83FB3789067EB7A1B7CFCFCE4CFA9C19AD8264FE242
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):193408
                                                                                                                                                              Entropy (8bit):6.6294545749017155
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:cDIlfuQwh9tc1Mz0m+akq7Tdz7TVtae0+urC1ybmq+HvWhd2PIaOb4SjRFBFq:cDIlfCf0Jad7TkPaqonPtTSjRv8
                                                                                                                                                              MD5:FD2ACB8138631023A138A0BA7414B71B
                                                                                                                                                              SHA1:4F274BC4ACB50655B3A6A0E8165FCE5077EB9093
                                                                                                                                                              SHA-256:FAB448B0CDC63F546D5FEB50EF38A1F13D3891C1702481E56AB90D32FF679D31
                                                                                                                                                              SHA-512:BE85FADD4602D388CE0AA717F9A07592FD70B24E1E2F9E83162B6F00B37482E3F754DA08604A9F031475D146D3BB060FFF75F4497BBD9943F047D356D61D6B12
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):225664
                                                                                                                                                              Entropy (8bit):6.186998801398434
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:Qzlgi1AArqtzKTu9OXrYgLbtzZVrDMhD641bF1fbN+vr0h1rT8pqTsj/FxFD:QztnrizKT1YgN/rDceIpArkT8ATM/Xd
                                                                                                                                                              MD5:176324A6B527023B441E9EB563C43E3F
                                                                                                                                                              SHA1:4D0FCA8700A402FA8C396F952492A26EC57AC784
                                                                                                                                                              SHA-256:6F4103BE88C0C638A191556AB6CDCBBA5BBA785FBB28AA90C4C389E076A89F13
                                                                                                                                                              SHA-512:03D7B8F1E8E3909031924072AF0231E00C49DFCE58FE0BD2807D6CF9ECA075C04D457D4F04BAB1A8FF1DAC1100709846BD074873A4250AAD94DF195DC1419EEB
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):247680
                                                                                                                                                              Entropy (8bit):6.636513662205058
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:bc1snP6qHJLLVQpmiwZE1pw3SgqcoSR5Uc/kJ:bc1sP6oZGpmiwZE1gS47UcU
                                                                                                                                                              MD5:39AF70F76825599C0BFA21F2C1D3E0DA
                                                                                                                                                              SHA1:318EB5DF33434376B24A8E731E8CE522157C29D3
                                                                                                                                                              SHA-256:8DF867CA5093762E3EC30B91D05F13BEC568E19BD22FF01C88CF3325C46E8F3D
                                                                                                                                                              SHA-512:CD23E27E7BDE19DF4E7C0A65EFD9465C1C7019D150ACE1D2B373A69E39A0A32D2060B68C6B25C849C4FAAB857EA1634794C76EB11CB0015EBD0D718F42BC6E75
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):292224
                                                                                                                                                              Entropy (8bit):6.264531285306189
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:fJ3xfuRV+6fKASzOjTbD4HT+Ur169l5cCf34b1N10XO:kSASzcTIk7p2b13
                                                                                                                                                              MD5:9C14E5ACE445D2AD1570F42C42D3F5C9
                                                                                                                                                              SHA1:0156D4357D2F0DAFFE4084988DB63D81AC152CA8
                                                                                                                                                              SHA-256:46F7A0B475868696E0AD7E26AB6CBBCFDE2FCD33CF8455C9A690F4E85B12B284
                                                                                                                                                              SHA-512:B39CA9D63C9B775E6C344B2DE13D67AE2525A8D3BDB65C620011EFF439C1FE7EA5D010F9DB8A9E56CC2CFE9870A524E7A45BFB41CB6483A1BA9FC4DA0A457DE4
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1522
                                                                                                                                                              Entropy (8bit):4.747042537008044
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:b0fFDmMbmRMAOJDcJb3W2zeD34eXqC/5Wx/kaRilV8hWrwr1:b09PbmqAOJIW2KT4eXqC/5WFkaEQW8Z
                                                                                                                                                              MD5:D94F7C92FF61C5D3F8E9433F76E39F74
                                                                                                                                                              SHA1:7A9B074CA8D783DBE5310ECC22F5538B65CC918E
                                                                                                                                                              SHA-256:A44EB7B5CAF5534C6EF536B21EDB40B4D6BABF91BF97D9D45596868618B2C6FB
                                                                                                                                                              SHA-512:D4044F6CEB094753075036920C0669631F4D3C13203CAF2BEA345E2CC4094905719732010BBE1CAE97BC78743AA6DEF7C2AA33F3E8FCA9971F2CA0457837D3B0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.OPENJDK ASSEMBLY EXCEPTION..The OpenJDK source code made available by Oracle America, Inc. (Oracle) at.openjdk.java.net ("OpenJDK Code") is distributed under the terms of the GNU.General Public License <http://www.gnu.org/copyleft/gpl.html> version 2.only ("GPL2"), with the following clarification and special exception... Linking this OpenJDK Code statically or dynamically with other code. is making a combined work based on this library. Thus, the terms. and conditions of GPL2 cover the whole combination... As a special exception, Oracle gives you permission to link this. OpenJDK Code with certain code licensed by Oracle as indicated at. http://openjdk.java.net/legal/exception-modules-2007-05-08.html. ("Designated Exception Modules") to produce an executable,. regardless of the license terms of the Designated Exception Modules,. and to copy and distribute the resulting executable under GPL2,. provided that the Designated Exception Modules continue to be.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):552
                                                                                                                                                              Entropy (8bit):4.7745662333200345
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:MiupB7xGXmyFo0U8hawEQ7CxGK2omrmBs2pBQRJ5dqI06q6lCH/:MPD0XlEQaLBszR906qp
                                                                                                                                                              MD5:C5487E4061809B89C950DFAD70912B82
                                                                                                                                                              SHA1:E8F513239CAAEDECDC91223C39E786710204C2E8
                                                                                                                                                              SHA-256:18111D961876128ED662C9E730A4164A9FF5FD902E47E50FCA54A55B96933E4B
                                                                                                                                                              SHA-512:3611A48E5C19A7B2181401AA22692260BA57629120D53823A1B403DB44869E6959AB2D7EE7417A369825033F00252EA47D9C2988E6D4BA1474A716C013252AA8
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:A .Classpath Exception File. means any source file contained in this distribution which contains the following words in such file.s header: .Oracle designates this particular file as subject to the "Classpath" exception as provided by Oracle in the LICENSE file that accompanied this code... .Azul Systems, Inc. hereby confirms that each Classpath Exception File is subject to the clarification and special exception to the GPL that is outlined in the accompanying LICENSE file (under the heading ..CLASSPATH. EXCEPTION TO THE GPL.)..
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2758
                                                                                                                                                              Entropy (8bit):4.991999130939829
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:eYeKDiBt09PXNQ3acb4TTBmZEGIRS1pp4DeL/hDV+TwGYCTssZ8Vv9sdZjs3cpb6:eMDinKNHBaPH1/pGYmZ8V/cRqnP
                                                                                                                                                              MD5:57999502B1B260B46C8AC67368E54565
                                                                                                                                                              SHA1:182DC12C9C157ADF50DF713CB5519C9A83AFD313
                                                                                                                                                              SHA-256:25D1A025FD194F671FBFF4B855A744C2CB902330856878EE3615575B8C2D8B04
                                                                                                                                                              SHA-512:AAA0F6203E0DEE8BCCDD17A6C212E9CF8BAB408B78A2D6498A20D8D5157DCBA8C88344315EA4F789A26CE53D10825A21DE9689E9456639471AF9E3DDE3214486
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:The copyrights in this software and any visual or audio work distributed with.the software belong to Azul Systems, Inc. and those included in all other notice.files either listed in the readme file or contained in any other included notice.files with this distribution. All rights are reserved. Installation of this.software and any Azul software bundled with or derived from this software is.licensed only in accordance with these terms...Provided you have not received the software directly from Azul and have already.agreed to the terms of a separate license agreement, by installing, using or.distributing this software you, on your own behalf and on behalf of your.employer or principal, agree to be bound by these terms. If you do not agree to.any of these terms, you may not use, copy, transmit, distribute nor install this.software...The software is developed and owned by Azul and/or any of its affiliates,.subsidiaries or respective suppliers and licensors. The software also includes.certa
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):19274
                                                                                                                                                              Entropy (8bit):4.667864876938965
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:sY2fSz/rGvS/66YsaZdIP3Lf4vAkMVhPGkupdDdicW:7vuvVmjkbylupdDdiZ
                                                                                                                                                              MD5:3E0B59F8FAC05C3C03D4A26BBDA13F8F
                                                                                                                                                              SHA1:A4FB972C240D89131EE9E16B845CD302E0ECB05F
                                                                                                                                                              SHA-256:4B9ABEBC4338048A7C2DC184E9F800DEB349366BDF28EB23C2677A77B4C87726
                                                                                                                                                              SHA-512:6732288C682A39ED9EDF11A151F6F48E742696F4A762C0C7D8872B99B9F6D5AB6C305064D4910B1A254862A873129F11FD0FA56FF11BC577D29303F4FB492673
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:The GNU General Public License (GPL)..Version 2, June 1991..Copyright (C) 1989, 1991 Free Software Foundation, Inc..51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA..Everyone is permitted to copy and distribute verbatim copies of this license.document, but changing it is not allowed...Preamble..The licenses for most software are designed to take away your freedom to share.and change it. By contrast, the GNU General Public License is intended to.guarantee your freedom to share and change free software--to make sure the.software is free for all its users. This General Public License applies to.most of the Free Software Foundation's software and to any other program whose.authors commit to using it. (Some other Free Software Foundation software is.covered by the GNU Library General Public License instead.) You can apply it to.your programs, too...When we speak of free software, we are referring to freedom, not price. Our.General Public Licenses are designed to make sure that
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):167579
                                                                                                                                                              Entropy (8bit):4.99515907079648
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:Yj33DuS8sY5sPfqN7amC35qs4NZ1G8OANn16XBPb3Ucw+4oHmZ/bcm9lHNhJ75eK:YqN2p5iy3Ucw+4osHfJRLERa
                                                                                                                                                              MD5:38CE805E78FE5D53B1C96DED461C4A7E
                                                                                                                                                              SHA1:693EEAF9531AA341A5A3E58FDF5CBEB4EA4C0BC2
                                                                                                                                                              SHA-256:D5526593B5F7E82117D9FEAC5F435849F5C60BB97A27E6355C0F1ADCD67CBFED
                                                                                                                                                              SHA-512:B59C2AB17AD10FD2424BE87ED7E5B7899CB349B6FAA85F51CB5088ACF9FB3584C1E4299DAE4E1D134995F0B996D8423CA0D39DF03B300519232A8A22683E940E
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:DO NOT TRANSLATE OR LOCALIZE..-----------------------------..%% This notice is provided with respect to ASM Bytecode Manipulation .Framework v5.0.3, which may be included with JRE 8, and JDK 8, and .OpenJDK 8...--- begin of LICENSE ---..Copyright (c) 2000-2011 France T.l.com.All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions.are met:..1. Redistributions of source code must retain the above copyright. notice, this list of conditions and the following disclaimer...2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution...3. Neither the name of the copyright holders nor the names of its. contributors may be used to endorse or promote products derived from. this software without specific prior written permission...THIS SOFTWAR
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:HTML document, ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1168
                                                                                                                                                              Entropy (8bit):4.659815638386024
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:qTpF1QmEd71usn2OcjR5HbtNA+S98bfhxeUkzQ98niGWbyTtaJ88D9xaKcmip1aN:0pvUn0Rxjv48bf228nidh3Okm2Upm
                                                                                                                                                              MD5:FE7A3453E7C912BF8BEE7406CB969E3F
                                                                                                                                                              SHA1:0657C5F2C036D73EA75D53D9537BD9EB9AE36144
                                                                                                                                                              SHA-256:43FD2BA19D558D9B3F4DF6564B4E003531DFC2EF7240BBC1C395A4BA151E7D7C
                                                                                                                                                              SHA-512:E2EBF712885679AB999EC08A8BFEE2321B47DBAE6B66AAE860930CD2407682CB3D71AE6D26793EA7838311E36524425E2F6BCA735F74376435848A823CAC44BB
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:<!doctype html>.<html>. <head>. <title>. Welcome to Zulu, the open Java(TM) platform from Azul Systems.. </title>. </head>. <body>. <h2>Welcome to Zulu, the open Java<sup><small>&trade;</small></sup>platform from Azul Systems<sup><small>&reg;</small></sup></h2>. <p>The Zulu environment includes the Java&trade; runtime, compiler, and tools. It provides complete runtime support for Java applications.. <h3>Reference Documentation</h3>. <p>See the <a href="http://docs.azul.com/zulu/zuludocs/">Zulu user documentation</a> for more information on Zulu installation, operation, and troubleshooting.. <p>See the <a href="http://docs.azul.com/zulu/zulurelnotes/">Release Notes</a> for release details on Zulu versions and system requirements.. <h3>Community</h3>. <p>Visit the <a href="http://zulu.org/forum">Zulu community</a> site for recent discussions, news, and release notifications for Zulu.. <hr>. <
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16000
                                                                                                                                                              Entropy (8bit):5.915893707028001
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:i+qusvKUPY73X23GqmsIfucHDWpH8ps7/kU0OBZHkCf:+zvKu2GhmsIfuUDG8pQk7EhX
                                                                                                                                                              MD5:264B24B87928991D576D5E44BCADF715
                                                                                                                                                              SHA1:4EFC191607487DF7AA8C71544FF547CE0E60CB53
                                                                                                                                                              SHA-256:7AD330C5391B2B9045CA9A0597BF88C4A0A79EE1374AC63500936B9A40E00A90
                                                                                                                                                              SHA-512:08B45FBA5E45180384F41A79F6857CE53691A691A116EA877A9C0BA0666633387EA865743F97BBCDC328E5E9A938B84EE3191752941C0A82F0A15F6D90A2B2ED
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):148608
                                                                                                                                                              Entropy (8bit):6.209991360514085
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:vSx77e9dxjpc3oIuU+P6HtEXjwYK4paEe/zNb78kLNZ7mi2YKJZuJzDcQPpsjyuE:vSxve9dxjpc3outE1AdN
                                                                                                                                                              MD5:5B6D3F654D72AF07125D87D2DBDB9DCB
                                                                                                                                                              SHA1:C9BC810CD4DAF74101DF5F8E1D1B69263C02C874
                                                                                                                                                              SHA-256:613B5DB0B27AAF9DDD3BC94C28FD68E0F4BB35FA2FF2CED91DFDC40A6874645E
                                                                                                                                                              SHA-512:EC6A684744E0908F1CB88D45DD549BE3DA61DB72CF0598F65EC977D28A00B66CBF9818BF24FD7C5F29FBA5457A3B4E6BA3F32508B5E2AE6CADC2540AD03A0576
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):128640
                                                                                                                                                              Entropy (8bit):6.313163512689457
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:b8byYEv0G8BaqNHvMJBJYf4Gdod0TfWzc+16JMruX7KNkZutIpnQkzl6S5U8PCNr:bU/IqNHvkud/TZnMrurKge26S5xeDX
                                                                                                                                                              MD5:9FDA1BF71ED1A6FF5F99E11508DEAB9A
                                                                                                                                                              SHA1:5D9E91E6C4222107121180B90334802B84FF836F
                                                                                                                                                              SHA-256:B8AD8A1369861655ECE9AC9CFF6986AA01DCA985BD09FF2A8C4C1D1BB8483F8B
                                                                                                                                                              SHA-512:6FC5F91B7B53A9B4954EAD4AE9E47B493375B77153DE2C5179AC5364F2B3EEC9FB60CEA24B685212E0D7EB65064EF35F16E383BF92B350BFFFF3AED76F5F08C2
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1517184
                                                                                                                                                              Entropy (8bit):6.3502908734774675
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24576:a+1kWjiUx2XwBRqfDyBvrPHqzftZY9pRGggc23zIhYUewbpkswERd5u2mI9JA:a+1kWjitXwBUfD8vrPHqzf3Y9ug/ISYn
                                                                                                                                                              MD5:727DB926E0E032CA5D96F485638693A1
                                                                                                                                                              SHA1:10307FC79C713C55D831557F73E7A64DD5EECE17
                                                                                                                                                              SHA-256:863341B363EF99625F76347A421D49A971E690F7A66F21FA7F897ECA41166D2E
                                                                                                                                                              SHA-512:B2DA4046AD30DDA95CAED3C143C2C45DF13E919888F5FD4BFADB7CCE8E92C99F470BC9F98B0A651D14F4D0A17615B3C3E01E44376C12AF4A81F016DBB643DD4B
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):30336
                                                                                                                                                              Entropy (8bit):6.274817694046736
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:Ld9fmDj1i/zS1Ha0KFMkLSsPHNapleDGqlghW:Ld9fm31i7SvKPPH8l6
                                                                                                                                                              MD5:A5628C2E659DDBA2811BA3AA632614F1
                                                                                                                                                              SHA1:2120C738A1D0EA7287B043B8668C99A2E5D1DE51
                                                                                                                                                              SHA-256:96F1EF7D2BD92D178D043552F93607386614DE89C062934C135C8B1C22FA21B5
                                                                                                                                                              SHA-512:38A70CCB99EB3CBDDF5F1454464287DB2E8A1844D2C1D3B98DA66FCF16B0E31CF46D8424CCC04BF4E26912ECA4155BC817B01CD65D4EA19261E1A3DA1C5D71AD
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):25216
                                                                                                                                                              Entropy (8bit):6.121624878407578
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:mutlT0TmZU06hKYxU1relILwZJr7EFF9/DG8pQDhV:mYY8UfhHxU1qGLmFO/DGHhV
                                                                                                                                                              MD5:288C2802D4840E63A07660960AB6A8EE
                                                                                                                                                              SHA1:F6E9AED1BF93784403E550384D6EA767D260B66D
                                                                                                                                                              SHA-256:5C1A8493A636813AFAA44707102CEE8A9209452F84F2962AA9590C4D7E28609F
                                                                                                                                                              SHA-512:1BDADFB5C50F101B41F6FDFE7C5E6439387811FEF79DCD95A8F5A61BE0AF16ED64DC3C7F453541E4F7FFC765716210EF182CE3AF024AD26726300555CD69D16C
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):288896
                                                                                                                                                              Entropy (8bit):6.301743370181989
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:XJFRr/Uq2rAHRmAweOEtFGMReiDiZj1WKO/Sdg+:XJFRmgzwezGSy
                                                                                                                                                              MD5:12067360463FF63529D6D32CED1B9CCF
                                                                                                                                                              SHA1:488793B89446FB1EA578567825215FA0AB00D4BD
                                                                                                                                                              SHA-256:FADEA3E7F60DD9B76683D671C5A29842E9A765CE33009EFA082AAE3C068B12BA
                                                                                                                                                              SHA-512:47F8940DF0D9B667B6148043BBA362E7E270F713FE6A29CDE75C21FCE0142AC19A1A43C99BDB184EDC6AD80A012874DA4369CBF517E690C449FD7E0E0FEBA124
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):663680
                                                                                                                                                              Entropy (8bit):6.5915047833261555
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:x916pWDhpYdGQrbfT27VvH29ywEP6X/u//VofEWmv+ta9R:x916pWDhpYdGQrbfKeEP6PuvZT
                                                                                                                                                              MD5:D44251FC3507457916DEC3B7323AA6D4
                                                                                                                                                              SHA1:C8294ACD9CF669BD2E1CC825F87F216C4101917E
                                                                                                                                                              SHA-256:15300E85172E621ABF2AA45ACB62696174F269F55C6907E0455D385607972F95
                                                                                                                                                              SHA-512:02CCE27063E3CAD4DAB2C793AC61A1484FE6479841D2BCB961EB3E0ED2F30504C1F2605DB05BCF1BB2F92E0FA7E2C6040D7F5639C6FE29F5BAAC6B506A6EB04D
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):158848
                                                                                                                                                              Entropy (8bit):6.412202054759006
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:j6bSTjx/1RWaJ5cb5CqJ4umThfAJ48shTJ97zns8OJB/PxBvhbv:j6bSTlNEYKbEqAThYFshnnUPLvh
                                                                                                                                                              MD5:EFBAFF37595A3A1A866B539E85292E63
                                                                                                                                                              SHA1:53C7B4F7CF63E90FAF09F9503FD06F0BEF886F2C
                                                                                                                                                              SHA-256:B8BF7A5D71F9EC7C379BDEBC4DC1CE4CACEDA2DA1B6827C397A9923BD8CECB67
                                                                                                                                                              SHA-512:92D68590239BCF92AD2F3FBBC45146E653F6D2DCB8D333E4A68673C7708176DAA18E345D42066C93E660E5869EF80846CA484636C98B1C3C5CCCCF4DD138DAD4
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):124544
                                                                                                                                                              Entropy (8bit):6.536701255082349
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:V+aB4gNM/AgkTE7HBhyZdWUvTBf+s4yXjYUn:V+aegYlkTAhcZ0UvTBCy1
                                                                                                                                                              MD5:29435A2AE6F9EDB42482FC271A83734F
                                                                                                                                                              SHA1:3E9B1D891602A123F2DC6B0A97C0BEC83FE9152E
                                                                                                                                                              SHA-256:9B4FED0BFD0F2F4354F751FFA072611503EA126F15A98797BAA2A8D709EAA693
                                                                                                                                                              SHA-512:FA9B8DDB8AEB54241E22F7056D28A336D6E2A342C9B5F922A0A5C738ECF5331DBEB4927B8CB1F7246D7085473131E3140D01AF2ADEAED609A1BC0BD9CBA4FC91
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):19584
                                                                                                                                                              Entropy (8bit):6.234913944837289
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):69248
                                                                                                                                                              Entropy (8bit):6.268180011820901
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):21120
                                                                                                                                                              Entropy (8bit):6.252976951499154
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16000
                                                                                                                                                              Entropy (8bit):6.238076524248194
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):159872
                                                                                                                                                              Entropy (8bit):6.384847962531703
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):202368
                                                                                                                                                              Entropy (8bit):6.631065174970745
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):202880
                                                                                                                                                              Entropy (8bit):6.624703951476863
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):14976
                                                                                                                                                              Entropy (8bit):5.975653892047155
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):202880
                                                                                                                                                              Entropy (8bit):6.367018532204947
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16000
                                                                                                                                                              Entropy (8bit):6.2694803045229825
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):175744
                                                                                                                                                              Entropy (8bit):6.559263787813417
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):163968
                                                                                                                                                              Entropy (8bit):6.422583292256811
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):19072
                                                                                                                                                              Entropy (8bit):6.304690687202355
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):35968
                                                                                                                                                              Entropy (8bit):6.370315051513169
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):31872
                                                                                                                                                              Entropy (8bit):6.555562900969214
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):244352
                                                                                                                                                              Entropy (8bit):6.362239004994924
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):37504
                                                                                                                                                              Entropy (8bit):6.2905109600338385
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):654464
                                                                                                                                                              Entropy (8bit):6.516424300421634
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):829264
                                                                                                                                                              Entropy (8bit):6.553848816796836
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:QgzGPEett9Mw9HfBCddjMb2NQVmTW75JfmyyKWeHQGoko+1:HzJetPMw9HfBCrMb2Kc6dmyyKWewGzB1
                                                                                                                                                              MD5:366FD6F3A451351B5DF2D7C4ECF4C73A
                                                                                                                                                              SHA1:50DB750522B9630757F91B53DF377FD4ED4E2D66
                                                                                                                                                              SHA-256:AE3CB6C6AFBA9A4AA5C85F66023C35338CA579B30326DD02918F9D55259503D5
                                                                                                                                                              SHA-512:2DE764772B68A85204B7435C87E9409D753C2196CF5B2F46E7796C99A33943E167F62A92E8753EAA184CD81FB14361E83228EB1B474E0C3349ED387EC93E6130
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):98944
                                                                                                                                                              Entropy (8bit):6.322259690226359
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:d1eU1I80FJXWhHXeHqKimWHkLFMvzsbUxybYIqD/j/Lg3PU3r:CUmJ1W1XeH9ixELFMsG9D7jw83r
                                                                                                                                                              MD5:1C5AE3178F47607DE9674521C4EE26F2
                                                                                                                                                              SHA1:F8991B430A2B8DED0982595E0AC50A2B9623D30D
                                                                                                                                                              SHA-256:08F3A8C065D952FCC5CAE7A912ADC46FE4D02029207B170FEAAE5410784FC851
                                                                                                                                                              SHA-512:B070CF3563025E6105ACF04C872EB234B5891C99ED50DB91050B329DE55C9EE4339D3F2FDBAC184901E6869C861D3CFE079D9EB88BD786183E3F7937B84C8CB8
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):61056
                                                                                                                                                              Entropy (8bit):6.290301385811515
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:x037/svhIKfPfgq7MBYgALIu0K8WXJ31ljX:x03KIq7g6LIc8WZ31ljX
                                                                                                                                                              MD5:44CAF09544EDB1C1A23C2C176D5F158E
                                                                                                                                                              SHA1:35AC012BBD0BF776640987B2E1BE3B8F0CD3D18E
                                                                                                                                                              SHA-256:52445B77E22D3859DBF2D8734EAC52812D35915AE46898181FD26E89EA30D42C
                                                                                                                                                              SHA-512:6E48610ADF9BDAAFEB959613A939B605E363518CD6C942926F6E21895DDE03D54DC68F2406982FD7ED5907965C98CCD9CF96EDB5056A58DEBF3B4FD9561B3C83
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):19584
                                                                                                                                                              Entropy (8bit):6.349476473984587
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:8IRHUVICdwSlkhONj0naxSKOERe6p1vjyDG8pQkLocnhN:8IRkICdw+khOxs2JWDGgFhN
                                                                                                                                                              MD5:9DD595A349278497B21C0DBF4F3574D4
                                                                                                                                                              SHA1:217554475AF80D402C7EE354A5FC49AFFD8D9594
                                                                                                                                                              SHA-256:9A2BE1189A8A2F46336D91E2065E8E78715DF925A72BD437B885EC71DCEFDE3A
                                                                                                                                                              SHA-512:5929C5EFBF124CE0C129EF0E8B771AEC3816E18BD9360CE9934F0C6CC4B676FC25602B9D05BB5782D8659CD3090562F7412DADB1A8D759870B03411A36B36B97
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16000
                                                                                                                                                              Entropy (8bit):6.268803450708278
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:7P1yTHT/iYmutG3pIKEfoN8gLoeCiDWpH8ps7/BgPHBZHkjrM:7Pa7mXeKN+gLoeCiDG8pQBAh9
                                                                                                                                                              MD5:A888F7855C21FE41B155BAB4EDB23755
                                                                                                                                                              SHA1:25ADF435C6674EAFDD35D7EA9FDFFD9B7D530D56
                                                                                                                                                              SHA-256:81B9D0684B5F06BF3CF2CB5FA4ACACFA2F8D9C4236FC46E2B99BB298F8ADD503
                                                                                                                                                              SHA-512:CC587A575E5429C97FAB7F905E6B046F0EB815AEFF51E234A1810B85BE15A3971E15E2E25870B60E0A11D49EF6B8CFB96982D0C3439189B746D16E8543BA1876
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1423
                                                                                                                                                              Entropy (8bit):4.176285626070561
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:N3ZYKm8fuW6psByGJjR0X46kA2SsGFhD+GbpGCOhLRr3n:mOLUskGJjyltsGFV+GbpGCOTr
                                                                                                                                                              MD5:B3174769A9E9E654812315468AE9C5FA
                                                                                                                                                              SHA1:238B369DFC7EB8F0DC6A85CDD080ED4B78388CA8
                                                                                                                                                              SHA-256:37CF4E6CDC4357CEBB0EC8108D5CB0AD42611F675B926C819AE03B74CE990A08
                                                                                                                                                              SHA-512:0815CA93C8CF762468DE668AD7F0EB0BDD3802DCAA42D55F2FB57A4AE23D9B9E2FE148898A28FE22C846A4FCDF1EE5190E74BCDABF206F73DA2DE644EA62A5D3
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview: -Xmixed mixed mode execution (default). -Xint interpreted mode execution only. -Xbootclasspath:<directories and zip/jar files separated by ;>. set search path for bootstrap classes and resources. -Xbootclasspath/a:<directories and zip/jar files separated by ;>. append to end of bootstrap class path. -Xbootclasspath/p:<directories and zip/jar files separated by ;>. prepend in front of bootstrap class path. -Xnoclassgc disable class garbage collection. -Xincgc enable incremental garbage collection. -Xloggc:<file> log GC status to a file with time stamps. -Xbatch disable background compilation. -Xms<size> set initial Java heap size. -Xmx<size> set maximum Java heap size. -Xss<size> set java thread stack size. -Xprof output cpu profiling data. -Xfuture enable strictest checks, anticipating futur
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):9003648
                                                                                                                                                              Entropy (8bit):6.327511175810912
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:196608:xK2Mcih/J+hijUfvHyukXG1h5tnFblKDzQQ7:xK2McidJ+hijU3CShDnFblKDzR7
                                                                                                                                                              MD5:2BD9330F2CAFF97FE12F4A330AE1F107
                                                                                                                                                              SHA1:3AB7E69839C584A16328D773A657245E19F32847
                                                                                                                                                              SHA-256:F8473F869F6CE88126EABB6AE4B1B765CAF2780FAABFB734287F33FA9AF9DF1E
                                                                                                                                                              SHA-512:AA3B99AC1EC80E4DC665EBCD5262CC6818F62734E9063ECF4B1BF6EC099C391D1EEB26108677A841B28EC2C558322DC3B114B75206D0AEE196F659A263540C46
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):206464
                                                                                                                                                              Entropy (8bit):6.673181371059124
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:zVneJL2f8sDe3i2emd4nNdMSOtJuhpRkHG11u/TBjv:BeJJ3i2SNddOtJCpGGK/TV
                                                                                                                                                              MD5:3C01C9E236A88D92BC468F041CE1C679
                                                                                                                                                              SHA1:3821951E8954B3989ECAC159C819FA1F05BDA37F
                                                                                                                                                              SHA-256:99692CA72CE4B5E0047D54A546FE8E4E8E651E636B4E90DAB1A0E927FB8167CC
                                                                                                                                                              SHA-512:3BDD44B86CAA07FF1B4918B01744853C85F565CACE7F3F82072F34FB7C1C0441254CADCFBE11F97244875EDD9C9E7A59C4147748482B82CA398C8E9604978CEE
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):136832
                                                                                                                                                              Entropy (8bit):6.185191723534169
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:9tsTyvaGMi+lj3b4NeqbAyvOZvCUtEZKa:9tsTuaGMi+lD8NkyvqvZG
                                                                                                                                                              MD5:34F2E1E15AE932B27B84F73D583955EF
                                                                                                                                                              SHA1:879C84D17BDE3D5FA67036D1F237777715F49908
                                                                                                                                                              SHA-256:5880FD50FC85FD5E48543040A1E2F86D1247A7A76DBE5A7EB989C6AB541D9042
                                                                                                                                                              SHA-512:EBED871DE81620D471FF5351EBD2FDD713DC96E8DFCFFBA44E894FD75A416BCED334BB1D6EFBDF5A716910DC22BDCE6CF561A69777E8AEE241C0B5F66090EB14
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):38016
                                                                                                                                                              Entropy (8bit):6.221351379336383
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:2A6GoMowoGntk9f4dIxVhgUNhBslQcTFlGq07xDGyhJ:hoMowMfV5hBslJOq07v
                                                                                                                                                              MD5:63591F0004E481217756407C688FA72F
                                                                                                                                                              SHA1:1D5F20CC706BAD501D886C349AC5EB47582389F3
                                                                                                                                                              SHA-256:C921495C997FEABEB3D6FA9F4A01B3D460F4B11305F065ED6B19781B64F6B3A8
                                                                                                                                                              SHA-512:2673E071E62B2B074BA71EC227D04D41CA67B0018E79B8EE6859EBDEDF74264EF875D689506F3B083B79013F2ED861406E5D0B9C4224920F028647A34A26F2D8
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):80000
                                                                                                                                                              Entropy (8bit):6.220994966672664
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:aomjjzWtEoTtq9rMDtmynJmQmANzQZ+zT57p3T:aoizpow9rMDQynJrNzQZ+zTFp3T
                                                                                                                                                              MD5:BB75BFAC224DB1F34600A575A8124CFF
                                                                                                                                                              SHA1:AE656BFFE117382938EB124C45AAD6FD52893F43
                                                                                                                                                              SHA-256:F6AF7E85E44FAFC6E32D568AA32F772D2228EA88364EA8B0DBA17933994FC7C4
                                                                                                                                                              SHA-512:39EE48F65DF195A60F7B374F976D1ACCFC57F1988569C2E713DC523BB7C8002984BBAF5400FF879C8137288DFDBF6B6383B70BD96F548A1EB83F340007486EAF
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):199808
                                                                                                                                                              Entropy (8bit):5.778026008870564
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:cz9r2O8SSh4tNRIOcTtOTBZAqQNTwd+ZI:W9rAPhm6OTPAqQNTwdgI
                                                                                                                                                              MD5:FFAE954C09033DF1EBCD4FE056B183F2
                                                                                                                                                              SHA1:EE369CF9A6D4AB2F91A05FE84BF790FDDA873669
                                                                                                                                                              SHA-256:2F5955B1D5BFD13F0C3B70C5A261DF5D524A849A45C0D31F64478188CBE82665
                                                                                                                                                              SHA-512:BE00FC9C0242D27E0F8CCA0A0AF39BCEE502683DD0246E7453B6B4AEBCCD81EA221A4B14CCEF48244920A180BC268132F7CA4584EFA46A648A7BEC9C1A7DA3D4
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):49280
                                                                                                                                                              Entropy (8bit):6.414356548363134
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:WYkpGTievAR+x/Olkj1ZyiQLdYn+KP1aU19pEiOT8rH6EBXdrevPiDG/IhLl:yELxRn3HfpEwz6Sd6vP2
                                                                                                                                                              MD5:38BDC89172ACA98A8DF57CC6B0E5E8DB
                                                                                                                                                              SHA1:2448538975C6DAF00F4014D166EBB014D2374E8F
                                                                                                                                                              SHA-256:981DAFA227A6FF4E1BF9A38D94800B28F1E39ADC6FE5F76B9362206BD7346EBE
                                                                                                                                                              SHA-512:9FC3D626948F0990A311E3710786F6028E66CF75D6926C3D433526A349C93492CF7B7B1BFE7499EB88970E5342FD0201B58B7F227BFC009057DEA7517B67B29F
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):24704
                                                                                                                                                              Entropy (8bit):6.277810560081699
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:IW3UgF5ivugXUxqIiWNLEy2THbqhlnLSH/XJbGGGGNET7T7T7T7oT4DGxZhuY:VgXUZiWNLEy2THbqhlnLSH/XJbGGGGNV
                                                                                                                                                              MD5:876E3189AFA6675D812A03D02BC2F9C1
                                                                                                                                                              SHA1:CF39510BE5C73396024422A8190078EAF00C8C8E
                                                                                                                                                              SHA-256:94507A16FF2013CD8FDA876C76ABC2AF816FFD6EEB74922A1090097528FE680C
                                                                                                                                                              SHA-512:DFB71852BB383E0ECE39381A1032FED4A25C137FE14E9490F22E0F8A5670AFFE84457F40F1BED455B2732F22027355BB9538109DE42DCCFE0583A7EC9D704D37
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):173136
                                                                                                                                                              Entropy (8bit):6.58160064035458
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:TV8eyUbavDzJwkfJvnWsv9rsuQguAXwZ+LRrwZdLuVG/iNHN6:5M1dfMsVguQgZMvh6VM
                                                                                                                                                              MD5:58AF839323322202948776B70447BECD
                                                                                                                                                              SHA1:56C3492866BFCD0F45AAD645884B93E37EE2F01E
                                                                                                                                                              SHA-256:9E6C0101209AC39D3CC824B6BE5119D2A891F8EB394E058EB55FF7DF86744CF8
                                                                                                                                                              SHA-512:41CFA7E4E3AFC279017C84CAF07738AF928C8BEAB009BB3E6A6CF04BA34A8944ACD4B87FA93E96FC7FE3B2E22EF3B870E4CBF8E170625B36194503955660E842
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):78976
                                                                                                                                                              Entropy (8bit):6.727736454162949
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:JIaBtdoMaf34l03mzjur5WMa0EaIOQIO+VnToIfJIxqV:JIWo74CyMzxG+9TBfJIYV
                                                                                                                                                              MD5:A9040AD98AD82934EFBAC3DE57F9ACC2
                                                                                                                                                              SHA1:904E1B26AA21B7E7C065706AC4065EC43310B2A0
                                                                                                                                                              SHA-256:CF661A6D7172F64F3A7D9559EBA32C3363EA26A913AE56420A0A184A42198320
                                                                                                                                                              SHA-512:848678C637349D59B5947A50AE6736882B260F00B31ED6B39D205A28BD9D9415E43BC7499C8CC5B3F1DC2B6B476F964583AA3BDB8FFFBC6F35F363BAD3D694AE
                                                                                                                                                              Malicious:true
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):149
                                                                                                                                                              Entropy (8bit):4.558376029276625
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:LFpfBZgZLXnuWxVEzERMLVAAiuKIn7IRAdSPGGzJzGBXlnfMaAHCR1vn:L7APWzTLVAkIiSPhZGBX5kaAHCXn
                                                                                                                                                              MD5:2ED483DF31645D3D00C625C00C1E5A14
                                                                                                                                                              SHA1:27C9B302D2D47AAE04FC1F4EF9127A2835A77853
                                                                                                                                                              SHA-256:68EF2F3C6D7636E39C6626ED1BD700E3A6B796C25A9E5FECA4533ABFACD61CDF
                                                                                                                                                              SHA-512:4BF6D06F2CEAF070DF4BD734370DEF74A6DD545FD40EFD64A948E1422470EF39E37A4909FEEB8F0731D5BADB3DD9086E96DACE6BDCA7BBD3078E8383B16894DA
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:#.# Load the Java Access Bridge class into the JVM.#.#assistive_technologies=com.sun.java.accessibility.AccessBridge.#screen_magnifier_present=true..
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1631
                                                                                                                                                              Entropy (8bit):5.001620365378865
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:vDoH/2QHrQEQtmKy/aOkHtbVJyqTbVKm2YPcH0nm3XWNeOoXHjifIBMB1XqfIi:+rHIty/qHh+m2YPOWU2fL1Xqfd
                                                                                                                                                              MD5:C60E77FF5F3887C743971E73E6F0E0B1
                                                                                                                                                              SHA1:9B0CFD38EC5B7BD5BD1C364DEE2E1B452A063C02
                                                                                                                                                              SHA-256:23F728CC2BF14E62D454190EA0139F159031B5BD9C3F141CA9237C4C5C96EC1D
                                                                                                                                                              SHA-512:07ACA3DE1A03A3B64B691FD41E35E6596760BAF24C4F24E86FCA87D2ACF3A4814B17CD9751ADC2DCD0689848F3D582FB3EE01D413E3A61D1D98397D72FE545E9
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:#.# .# .# Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved..# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER..#.# This code is free software; you can redistribute it and/or modify it.# under the terms of the GNU General Public License version 2 only, as.# published by the Free Software Foundation. Oracle designates this.# particular file as subject to the "Classpath" exception as provided.# by Oracle in the LICENSE file that accompanied this code..#.# This code is distributed in the hope that it will be useful, but WITHOUT.# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or.# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License.# version 2 for more details (a copy is included in the LICENSE file that.# accompanied this code)..#.# You should have received a copy of the GNU General Public License version.# 2 along with this work; if not, write to the Free Software Foundation,.# Inc., 51 Franklin St, Fifth Floo
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2479
                                                                                                                                                              Entropy (8bit):5.223707333360392
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:HrHIty/qHh+m2YPOW7qOVu2HX1C5MCmCkcJFvRL:H8ThI1GtszlPFvB
                                                                                                                                                              MD5:FD47532D0C6AE3BEC63F2F1CE3336A6B
                                                                                                                                                              SHA1:E969A98067073C789B02168B211277EB393DB634
                                                                                                                                                              SHA-256:9B72CFAD9723C8B33EED3E18BDA69BE3F50740F8C11456487D3098E288359BFA
                                                                                                                                                              SHA-512:AB5975CA676F7F08EAC58902C352ED9BC67E03B75D6C0155AE75A1A4CC478905FA153F8DD7C1BCE0162C3C17E738B550F43D6341B437502F71B54152B307F6E5
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:# Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved..# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER..#.# This code is free software; you can redistribute it and/or modify it.# under the terms of the GNU General Public License version 2 only, as.# published by the Free Software Foundation. Oracle designates this.# particular file as subject to the "Classpath" exception as provided.# by Oracle in the LICENSE file that accompanied this code..#.# This code is distributed in the hope that it will be useful, but WITHOUT.# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or.# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License.# version 2 for more details (a copy is included in the LICENSE file that.# accompanied this code)..#.# You should have received a copy of the GNU General Public License version.# 2 along with this work; if not, write to the Free Software Foundation,.# Inc., 51 Franklin St, Fifth Floor, Bosto
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3090257
                                                                                                                                                              Entropy (8bit):6.631617332418052
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:IwniRxz1nwdk3ehtSKdEUH2E2CbnvvoelbIsjO:vnirzNV408Zn3dlbI9
                                                                                                                                                              MD5:95C96B758DB5B270C574027DA01826E7
                                                                                                                                                              SHA1:9546A1E1817847D185FDA77ED807EF5C93BEB5E1
                                                                                                                                                              SHA-256:A5054FC62377F0EB99FE75E17F3C08ED5FB64F120E0797E6722F51DB176AA87F
                                                                                                                                                              SHA-512:B973FE482D769078A24417C840287292634A38E6F049BA4A8D1F91A9E0D246F42F18A2E869F211BB2A9F7F079D060A59BC7B258CD01761CAFD70DF09D8877B6A
                                                                                                                                                              Malicious:false
Preview:PK.........U.RD..E...E.......META-INF/MANIFEST.MF....Manifest-Version: 1.0..Created-By: 1.8.0_282 (Azul Systems, Inc.)....PK.........U.R...j.g...g......sun/nio/cs/ext/sjis0213.dat
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1047028
                                                                                                                                                              Entropy (8bit):5.853884040743423
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:H+BXim0XyhTMeRoqkobZ36qoCFsQn3cE1JrEc3D4F:Hiym0eRog56Wn3PcF
                                                                                                                                                              MD5:18C2B0D47A25B263C555EDC4305B3A62
                                                                                                                                                              SHA1:8A76193E200E5CEFE782C617966282157A535087
                                                                                                                                                              SHA-256:62BCB3385C37E914BE0ED0EB4E4C41F4B01A4A6123C784A8838AEF53F35674FD
                                                                                                                                                              SHA-512:F805973FC99D46CD485806D9E4B5A4ACF6462D9E900245A3E0208CBDED18F78F8E1AFB9CA29ED82876ECEDE79342932C1A4E2645A719FF1408F213F0C4C4B50A
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):84355
                                                                                                                                                              Entropy (8bit):4.927199323446014
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:4X/nxfn5rxLyMznYolTzlff5OK3COHoHNG5rb/cxNwmCX1g86K2oWdAqNqc+KMjD:qxn5rxLyMzbf5OK3CJNG51g86A
                                                                                                                                                              MD5:7FC71A62D85CCF12996680A4080AA44E
                                                                                                                                                              SHA1:199DCCAA94E9129A3649A09F8667B552803E1D0E
                                                                                                                                                              SHA-256:01FE24232D0DBEFE339F88C44A3FD3D99FF0E17AE03926CCF90B835332F5F89C
                                                                                                                                                              SHA-512:B0B9B486223CF79CCF9346AAF5C1CA0F9588247A00C826AA9F3D366B7E2EF905AF4D179787DCB02B32870500FD63899538CF6FAFCDD9B573799B255F658CEB1D
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:java/lang/Object..java/lang/String..java/io/Serializable..java/lang/Comparable..java/lang/CharSequence..java/lang/Class..java/lang/reflect/GenericDeclaration..java/lang/reflect/AnnotatedElement..java/lang/reflect/Type..java/lang/Cloneable..java/lang/ClassLoader..java/lang/System..java/lang/Throwable..java/lang/Error..java/lang/ThreadDeath..java/lang/Exception..java/lang/RuntimeException..java/lang/SecurityManager..java/security/ProtectionDomain..java/security/AccessControlContext..java/security/SecureClassLoader..java/lang/ClassNotFoundException..java/lang/ReflectiveOperationException..java/lang/NoClassDefFoundError..java/lang/LinkageError..java/lang/ClassCastException..java/lang/ArrayStoreException..java/lang/VirtualMachineError..java/lang/OutOfMemoryError..java/lang/StackOverflowError..java/lang/IllegalMonitorStateException..java/lang/ref/Reference..java/lang/ref/SoftReference..java/lang/ref/WeakReference..java/lang/ref/FinalReference..java/lang/ref/PhantomReference..sun/misc/Cleaner
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Microsoft color profile 2.3, type lcms, XYZ/XYZ-abst device by lcms, 784 bytes, 28-12-2006 18:07:22, no copyright tag "lcms XYZ identity"
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):784
                                                                                                                                                              Entropy (8bit):2.42970830905406
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:Pg2lA1s9flg6lwTltOskA555m2kA555m2kA555R:zA1s9flg6lslJ
                                                                                                                                                              MD5:09BFDCD5B55FE322FAF0A4CF94F289C2
                                                                                                                                                              SHA1:FB7D37DB9AD5679600A27352AA1998D5BCDC9311
                                                                                                                                                              SHA-256:98CF012F6122C833B1FF4FBBE37F43A808D769D9B10BA43F3411728E7BB58BEA
                                                                                                                                                              SHA-512:F62D3F6762F6649F97B0DF031C2C381BB4553C7B5CDB39C8ED87E8256EC560437B7D60E728FD10A581EFB5F4DDD3D213C9B25707830E32845B451CD9DC3540F5
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Microsoft color profile 2.3, type lcms, GRAY/XYZ-mntr device by lcms, 556 bytes, 28-12-2006 18:07:22, no copyright tag "lcms gray virtual profile"
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):556
                                                                                                                                                              Entropy (8bit):2.4790708147231753
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:g/2YeNcjylAll1NfAL+V9pglgkX/lDP89YMOlI/lZcHd2Mlll:g1Ac2lA1NIL+3pglg6lDkTOmlZc4kll
                                                                                                                                                              MD5:FD6340C81F2ADC503AEA746B79A96979
                                                                                                                                                              SHA1:D73ABFDF682FD0F570775B90E40D714976339F33
                                                                                                                                                              SHA-256:D3FD8CB41B7EF8C5EA53BFECB1AD6D4762197C8EAB04444545E083DFF6F86FA9
                                                                                                                                                              SHA-512:A2C861B66C78C66119172A57AD96BC68CC51959B4A41D300C30FE16E4D10077A8F6B0328ACDA14602C054BD291DA49865C77B8358A285211DF7E10011DD06934
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ColorSync color profile 2.3, type lcms, RGB/XYZ-mntr device by lcms, 488 bytes, 28-3-2008 14:24:37, transparent, relative colorimetric "linear sRGB"
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):488
                                                                                                                                                              Entropy (8bit):3.1769785389298173
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:scdIhpzWllDGnYAsFoDAlAPWrNBRPRjtlhhlhhll:sc2hIllSnYz3lRBNpJN
                                                                                                                                                              MD5:CFECF0A79F8E6DC8D8120302F2A2E837
                                                                                                                                                              SHA1:7576E83E5911096471A97F5E73F3238C6FFE6976
                                                                                                                                                              SHA-256:790DA58CCC79D03658283652716EC9896ED31E0392D818E60F6832815EE79F4C
                                                                                                                                                              SHA-512:B5A90B49AD4DF94BB7E4D88796BAA7D6F908D892815BC3B59E441B3A9262682EAA5610052D75F76B87B85A577D2E12096676D6C56152B0E80DAE6D7B72EA31A1
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ColorSync color profile 4.0, type lcms, 3CLR/XYZ-spac device by lcms, 234080 bytes, 10-4-2008 10:24:22, transparent, relative colorimetric, 0xf0e75c55d21e4d8c MD5 'PYCC from PCD 045'
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):234080
                                                                                                                                                              Entropy (8bit):5.916799738162389
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:kPQxu94sua+Gl+tqocgEBRQTbwAIoF1r+KRlN13yFs+75rcjG1sIGH69Jwf4CVoy:kPQxu9iaOtxOQAB81iyxyWs5gH
                                                                                                                                                              MD5:2F3658826C5402382E78BFDA48A78A6B
                                                                                                                                                              SHA1:DA0DB2D41E6CEAD9E38A7E4A5C08FA7E90E57B22
                                                                                                                                                              SHA-256:0031AA2B8B4D490369A2A601AE0D95505DF0CB86C0504F080C02ED87E84B3DDC
                                                                                                                                                              SHA-512:F1114143E1F656DFD68E3F32D87439DFC1DDDB859E2664DA3E902FEEBE3AC63E04213230C9FF3EC630E390EB3A85E2FD483A6E5AD2992BF3D89D1129FAF86BF5
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Microsoft color profile 2.3, type lcms, RGB/XYZ-mntr device by lcms, 6876 bytes, 28-12-2006 18:07:22, no copyright tag "sRGB built-in"
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):6876
                                                                                                                                                              Entropy (8bit):7.544186956447987
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:/Kmx6MT0D5MdtbZPAVwzVZ6MT0D5MdtbZPAVwzVZ6MT0D5MdtbZPAVwzVR:/TzYNMtKwBYNMtKwBYNMtKw/
                                                                                                                                                              MD5:F6439592EF7CED5ABDD4AB4CBA3777FB
                                                                                                                                                              SHA1:11C7BE03D659C369474A6F2231561350AE7889AB
                                                                                                                                                              SHA-256:87E382B9336E6A0417A4D860173109AB319A029CF2972E19833A3327C65BD7E4
                                                                                                                                                              SHA-512:9029BE4A78E1A3C59FB2587D9A8E9EDFB08415C9D4EC4C5956808C0144DCDE6FD78F50A5D6E7A3AD441BE332C9207BC93B83A4B96ED6AFDFF257D5CC7DEADE10
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):5548
                                                                                                                                                              Entropy (8bit):5.037985807321917
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:r45Vf4fq7MBzO4pYEZ2MQ6KXr3NO0slzMX+W1CuHvvABbiAQ+xaW/ioLHTU+Wsch:r4KJO4mEZ2MQ6Cr3NO0slzMX+WIuHvvv
                                                                                                                                                              MD5:F507712B379FDC5A8D539811FAF51D02
                                                                                                                                                              SHA1:82BB25303CF6835AC4B076575F27E8486DAB9511
                                                                                                                                                              SHA-256:46F47B3883C7244A819AE1161113FE9D2375F881B75C9B3012D7A6B3497E030A
                                                                                                                                                              SHA-512:CB3C99883336D04C42CEA9C2401E81140ECBB7FC5B8EF3301B13268A45C1AC93FD62176AB8270B91528AC8E938C7C90CC9663D8598E224794354546139965DFE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:#sun.net.www MIME content-types table.#.# Property fields:.#.# <description> ::= 'description' '=' <descriptive string>.# <extensions> ::= 'file_extensions' '=' <comma-delimited list, include '.'>.# <image> ::= 'icon' '=' <filename of icon image>.# <action> ::= 'browser' | 'application' | 'save' | 'unknown'.# <application> ::= 'application' '=' <command line template>.#..#.# The "we don't know anything about this data" type(s)..# Used internally to mark unrecognized types..#.content/unknown: description=Unknown Content.unknown/unknown: description=Unknown Data Type..#.# The template we should use for temporary files when launching an application.# to view a document of given type..#.temp.file.template: c:\\temp\\%s..#.# The "real" types..#.application/octet-stream: \..description=Generic Binary Stream;\..file_extensions=.saveme,.dump,.hqx,.arc,.obj,.lib,.bin,.exe,.zip,.gz..application/oda: \..description=ODA Document;\..file_extensions=.oda..application/pdf: \..de
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):149195
                                                                                                                                                              Entropy (8bit):7.901933226373155
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:T4pT1xcQRJrf1B/dSjNlyx9igbJJQZeOIlfVXWXKQxJM:MpcQRRdB/cC/igZFRVmPxW
                                                                                                                                                              MD5:D1F7A7FB0A46EDA64B92D27BF48FF07C
                                                                                                                                                              SHA1:E26E4F4B326E4E1E3A47A27B10F4F7335EFECAF3
                                                                                                                                                              SHA-256:2EE219B2825D2174E5A03FF15A7BC3FA2A72D6322672ABB2BC3BE2BA7153F550
                                                                                                                                                              SHA-512:6034451481DCF2D4483E5EDAAE6C60197CB3A7F6C0EC726C7B0F8209632523D24ED7E4548DF2942ED18E93C2CDD08A8D4BE483D5329DD400AA97543DE2B865E0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):85075
                                                                                                                                                              Entropy (8bit):6.697078741574435
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:7mUlPrLpiahcdI7gSiCRnMxzXWr2j8+Gyp+dkeLLWM7Hj36yu68D5p646bd2yqVO:LlPrLpisBM1xx8Ip+vf36yu68DX646bN
                                                                                                                                                              MD5:7618098477E433A3297BEEC060E38554
                                                                                                                                                              SHA1:E57585E7F78F8290A534BAE6BBE85E89BF59B671
                                                                                                                                                              SHA-256:75E2FCD8E5DB747C4F2619C67E9A6898B083318DBAB0B4276052593A9ED22825
                                                                                                                                                              SHA-512:FC46A67C3C7E3BCB0F3E8E2611A749692FE4C2CDF1AC89B9E5013DDC6F58BBAB4D012E58CD85901F0D171C8FF5E9E5CA3C08811ABAC38D89776F67DD1B72B56E
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4102
                                                                                                                                                              Entropy (8bit):3.243897091480785
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:vlWAFFGFSupi94b6OtF8iXh5vkkC6/dHLX2/bVDbeEsBJ:vlWAEi94b6OtDXh5vkkW/pDHsr
                                                                                                                                                              MD5:ECA8C4708672C29C2D10342225022F8F
                                                                                                                                                              SHA1:F09A8C2799109DCBF797E977D45EF31D83842B8D
                                                                                                                                                              SHA-256:09FCC77F1584E4222553F7AE6B6D4E6735D7950FA0DD1A7FDC8B91ABA0F53915
                                                                                                                                                              SHA-512:859EB295B4922EACDC73E11C2F09BA44CD4C0557F282BF3344D90F57ED7151E36BCC343D42DCACA4D24A8814AF1C27216E13DF8F4A2D79A8F57557BA5A0266D0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):195932
                                                                                                                                                              Entropy (8bit):7.794757139566555
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:uS6k44y4fz0LQFdlkfpnMaoyDXrUloNJ7IObmaUsl:ILs70Zqao+7k6J7IObmol
                                                                                                                                                              MD5:4D15B4682BD758875CBDAFEFF2FE6BF7
                                                                                                                                                              SHA1:741E6DD1ED48FE2D60DB86E55653F8C3A0AE94F8
                                                                                                                                                              SHA-256:5EB097F8DAFDE9FDE128F4551ECBA725E8343B637A7564A7FE70B2EB35C9E983
                                                                                                                                                              SHA-512:98758C04D675BF9712F1622D8FB4B04199980E0BEDA3AEC5E81D8D41D3F7CD2F0DE1E0E89C42D79235E02BC12B332E90912B4F843C35E9C5B8380C91CEF7060F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):70234
                                                                                                                                                              Entropy (8bit):6.383191413835267
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:FLpN00QYQvWCdznpQ8Q/JIEzNbyaRUcAgNBY6OjjYIKKuSWdddddKfaW3ttapII6:q7cI2z2RNp
                                                                                                                                                              MD5:A9C19296CFFF6730388171354874280E
                                                                                                                                                              SHA1:48DB4034CD603D01603921F19BC623CB08E9C96C
                                                                                                                                                              SHA-256:E752DCA0E0913FA722AA507538976E66E5425DB6B3EF36001013B4398066B2B9
                                                                                                                                                              SHA-512:96517FF57B0328385B59A1F479E377E0563E316264FD6F9CA0C542C7C0B8669FE012E531EC4724FE85164DD950230C2BBBB1156408C67816832EA1163031231B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3837771
                                                                                                                                                              Entropy (8bit):7.971566174456575
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:98304:yqh7xUQK1EaAkquBNwTRIn4P6J8DvwMEA+ZAHCK/ht:X7xUEjP6JgyA9iy
                                                                                                                                                              MD5:A2215EBC2EB45090237AB049407FF166
                                                                                                                                                              SHA1:FA8780BB08079FA5A068257809C538B0B58AFEBD
                                                                                                                                                              SHA-256:B75092D771CEE147D756F462E8B21DC846ABC59199A3ABDA1EA2A04305E4117E
                                                                                                                                                              SHA-512:543EFC2F87D7469D72C01D748176CACDFE160956C28721A5255266AF40856C752A05AC75E9BC1B46FAEB785E7A6323744E882AC996A8F3EB8BCA4248154F3E7F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4060828
                                                                                                                                                              Entropy (8bit):5.6541805040869795
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:+kSov8bdfSAY3YQMhHBUmrMYHt+e1et++e:PEbd6AY+BzrJH4e1qC
                                                                                                                                                              MD5:C70A80C9AC49FA51B2B77FC62A7B839D
                                                                                                                                                              SHA1:3E1A26F783C86FD60F03C7F3F2DF7B739F621BC5
                                                                                                                                                              SHA-256:4431AEC1F1AB898589DE8487B57DE2598B4659AE671D02859C3900DA509B0B26
                                                                                                                                                              SHA-512:33F8FCB9192C4F08A7814E2AF68B566C4695DEEF58FEB5237D4F9E1DAA315910C119102DB19AB02E99ADC8A7CD29DEF4A6440CF55C68717C994C6D6AC832FE9A
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):43747
                                                                                                                                                              Entropy (8bit):7.908523173289441
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:3+hK3ewenO5ULrAjjMSLAr/rzPzCBxAIjlJwHHjKKmJj4:HOweg9LA/zPWBxA4zXa
                                                                                                                                                              MD5:BDB0F2C26BC783803269FACB7D43EC0F
                                                                                                                                                              SHA1:73AFC0C4510FE6394E9359C4A6B495ED9F7D692D
                                                                                                                                                              SHA-256:4FDE6B2F2C746DB62AB5930B4ABCECC966131535A83F2CC93067011D7071E6FD
                                                                                                                                                              SHA-512:4714127FFA2EF2B4A1789E70D7ADE04056F3547D36016B82C7A49881367428A9C664E8F1B32817781C12FD4965DCA9320DC9762AC829DBE90164CA1BD5F80CCD
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):36458
                                                                                                                                                              Entropy (8bit):6.567589346753776
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:W+eNocIxRNMNo8CDYhYUZ1d3Vh6yDZvi7dmXypppppppppppppppppYppppppppc:iN3IxRGND1hZ1d3Oamdm9hKaE
                                                                                                                                                              MD5:171C05D2FEFE375032A6BABC7DD11515
                                                                                                                                                              SHA1:DEC20C83B6168DD5D3BB4935322E39E7C46BA3D8
                                                                                                                                                              SHA-256:29977238C33D12C08AEF17139DAED8D7ECF97B4F502C40A791062915705EBE52
                                                                                                                                                              SHA-512:9A84FB352224542453863C53F6DBF72829EA019B9D2A771420414DAEC27920A84E1BA3E6D3161D9B6B447B0AD6FF7088CA9BF1BA266BE4757F113661EFE03CE5
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):428740
                                                                                                                                                              Entropy (8bit):7.944198443680966
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:X1H8fn8lnoHhvwUPfveUFn6GxiPdAIl7o:XF8nWE4keu26Iu
                                                                                                                                                              MD5:80558729BB2EDFC3B03B8DEE73D527B4
                                                                                                                                                              SHA1:521D59E97A3E254ECD9DD06B213AC0FDA4C2983A
                                                                                                                                                              SHA-256:F17139ECB92B94A2A3909A5A2F2C8A5FEEE9AFAF25E8CD2B5A8AB0FD3DD73C9E
                                                                                                                                                              SHA-512:80E5785BEB2DE61EA8CC9882E94E3ABF99917556467EBF935297A9E0F7376B313850CDB0FFEA2D98ADA9DB8C6B3A6104572399667E8CFDE0CD537775E445B0AD
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):278135
                                                                                                                                                              Entropy (8bit):6.6939320673272364
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:wkRW6Sp+RI7HP7YJXv50+ACy1av07m2WtozTItNBW:Jc887s5vf0auJ
                                                                                                                                                              MD5:3B997068ED80236BA82703B7C8275621
                                                                                                                                                              SHA1:63D2BBCA29231220D5BEB285C9CF263B4C93ACB9
                                                                                                                                                              SHA-256:40799E64DA3944F75DDB8E9A378C7D37FE8C94183F173717B2F08DAD865CF89D
                                                                                                                                                              SHA-512:C67CA18A538EA12E0032728E575F25B11DA6B847EC3ECCCEB59C53D18EDDBC4D711D4684E8F60ED0DA6E7149AB31A9F8C04EF45F5C5792CEB749C3F7E5B7DDB4
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1111
                                                                                                                                                              Entropy (8bit):5.009963406017043
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:EV677x6CFRfYyV86xXFN4jKR980Cm/pvCbJq/LlIrT6/pNmV3UZRV3zVCY5ql/:EE796OfY1OojEGKgMluabe3cb3BCV
                                                                                                                                                              MD5:FFE4D339A01AD17B62B5709B38A66EE5
                                                                                                                                                              SHA1:955C728639EC81D6AB1F6B415DC281DD51B0BDEF
                                                                                                                                                              SHA-256:73FC0ECB48496A5EE9537EC5F9330493F0813E8F651314331ECE07DA43B87206
                                                                                                                                                              SHA-512:FA03E1D9B8BF729E04174ADC3E65C5D9175D893AB5E2505EE371BFB51366D18F49DD3DDC03D0958F639D5A137794E9BEADF8B4EF13C144204340F235433FC462
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..! access-bridge-64.jar..com/sun/java/accessibility/..! cldrdata.jar..sun/text..sun/util..# dnsns.jar..sun/net..META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor..! jaccess.jar..com/sun/java/accessibility/..# legacy8ujsse.jar..META-INF/maven/org.openjsse.legacy8ujsse/legacy8ujsse/pom.xml..META-INF/services/java.security.Provider..org/openjsse/..META-INF/maven/org.openjsse.legacy8ujsse/legacy8ujsse/pom.properties..# localedata.jar..sun/text..sun/util..# nashorn.jar..META-INF/services/javax.script.ScriptEngineFactory..jdk/nashorn..jdk/internal..# openjsse.jar..META-INF/maven/org.openjsse/openjsse/pom.properties..META-INF/maven/org.openjsse/openjsse/pom.xml..META-INF/services/java.security.Provider..org/openjsse/..! sunec.jar..sun/security..! sunjce_provider.jar..com/sun/crypto/..! sunmscapi.jar..sun/security..! s
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1319827
                                                                                                                                                              Entropy (8bit):7.901578742137776
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24576:kZuNn4pYhFTDB+qCmTIyhehSwZhj+LZYmlf8xq54qD8Cc:1N0YHBPibRZgtaCVYv
                                                                                                                                                              MD5:A2DD6BACED76FE17EF8DB6D6A6DCA1EC
                                                                                                                                                              SHA1:26E46D9FB59464F895DA1474ED0C545831311BD0
                                                                                                                                                              SHA-256:47545A341A3E7B99164150D000607E10B7B3A16CAF3320090FC1E5C6128C13E1
                                                                                                                                                              SHA-512:A9472630786CA3369C3E1D9303B5430EB744C962D7287B95D75CAAF00D15EF735C985E5093CC2D36DABFCCAAB2782210F71EEC1BE3CD1CC05886EAA969DDC947
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):594658
                                                                                                                                                              Entropy (8bit):6.579262535907251
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:x7M0OZX224seLcjlbvXd8I6+DwJlZ3yrwgNc7GuffND7votTItNUT:xAhXksdll84MlZiOQ
                                                                                                                                                              MD5:558A800E89BC6C647E2909A0C91DD9F8
                                                                                                                                                              SHA1:8FCFEC1B4E704661FF0C7599E0EE2EC60C69088C
                                                                                                                                                              SHA-256:EC51166A6F4796DE2283DE2A59E9143D953FE37BF9ABBC71873A3978DBEC85DB
                                                                                                                                                              SHA-512:19E585B8D1C13AB511EE66615442FB2BCE3BB529225B623271A8F27A58D76D541434AC02B619D55BBCA03F1F9ADAE94745BC1F2504EADC7F00220B49BA6C13BF
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):38727
                                                                                                                                                              Entropy (8bit):7.891560294787747
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:rVsF42d0Krj6iYlVSXf7q/g04SlKQeV/t/gBPOOajt0608bHsmxghUo5X0rnVo/V:rn2d0KP6JTSXf7WNBm/tgBPKj6N8bHTE
                                                                                                                                                              MD5:D26C0844948B7761BF5A31C9566A4EF6
                                                                                                                                                              SHA1:307B8C20A57BFB50E9C87DE0E40C3AB123559B7C
                                                                                                                                                              SHA-256:F981882B27A2C812F9BAD2126FCF06035EFF1F8E0343BBF6680BD939E7C58255
                                                                                                                                                              SHA-512:7D91A079E90D1E14E4AF30E3F995AC9C4797AB8B0CD87CA6AC1243C58147DDDD235B92B8709C67317EF2A4B70D6CDEE3FBECCC016528874211C91EBBA4AA0806
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):269185
                                                                                                                                                              Entropy (8bit):7.89242684139804
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:Xuke9iwex5i/oW302ZURn9MwwzVT6LYpm1xkXTQZ7Wym:XO9Rqi/om02Z49ZwoYpm1OLym
                                                                                                                                                              MD5:CC7752297E305A26DC749DC764343B21
                                                                                                                                                              SHA1:0FDE5A3660A777D4C366551AE8182DFDBE8A8DF4
                                                                                                                                                              SHA-256:9750A2F9FF23276E55E7025EECDCDE09E22E8B840663C59177013DE195F46887
                                                                                                                                                              SHA-512:B76E8C2D7B62D7A1E949DDCD8B6419352D64938ACF6CC65F99D7FD82EB03620B4A4429D33CA913CF585AE88F43C57A1BC612E84922CDCB83DDF60D1BE2ED0591
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):43038
                                                                                                                                                              Entropy (8bit):7.873120902608273
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:ouwfJBvF8NcfidAX76Lzl17mBxGUE5IfBFrN6gZwV510HpkF0iyM8re/eGO9vr0D:ouwfJxmNcuAX76LzlUBxzIIpFrN66eTd
                                                                                                                                                              MD5:199A840D4C8163628BC069703282476F
                                                                                                                                                              SHA1:1CD2BEA3FEDC312A9B470871FE87C8F301F8EF32
                                                                                                                                                              SHA-256:FD7DE375F7CF8BB4EDEF258B73EC78966394318DF262D4CB2A22BCBEB127F8E4
                                                                                                                                                              SHA-512:01FDA70B4D77C221DD63D2A4E9EAB587C667E8AF22E920A44B64EB6208C8E96D9044D96A407A05849C2357FC2A9AA3264495AC6559DF6DF1E2DDFADD088D5AEF
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):22155
                                                                                                                                                              Entropy (8bit):6.586526559152156
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:LnW+lH/HBPpyuH75nreZzZixpfieL68CqEgjpdcnGGx5Lc:zp/HBPpHH75nreZzZip6025LI
                                                                                                                                                              MD5:4EA26F1BE03D62F5170C551398913C5C
                                                                                                                                                              SHA1:B633DE9990E519DD878B5EB20E4F4D0441F96ACA
                                                                                                                                                              SHA-256:9BF43B7DD1E1AA0270E6C250674A8C0D651AB85463AB0337BF09F04E574B6183
                                                                                                                                                              SHA-512:E8A0604FF89F570B2291E2192E4E9853981C867F60D471829E7D286C1B9C51DB9AFC31B52CA5E0428A2BC1C44FF7D875E1FDB7D6EFB413B92D979B6F49AEDFB2
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):269482
                                                                                                                                                              Entropy (8bit):7.953400061105954
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:XbU8EGhBiJmRsvpmw3AzKdHgS3GvAopVqv08sx:LUHGjiIRgldAS3mAWgA
                                                                                                                                                              MD5:AF127A77A8798A63DE54967AF500C655
                                                                                                                                                              SHA1:B4B82B535DD619607288FDFB739D1D56D6CC6C68
                                                                                                                                                              SHA-256:911970A9929E5E8A16D17ECB2884F81D5F7963636D327846E58139CBFAE04FA8
                                                                                                                                                              SHA-512:B2A94CAE4F434130BA579E3131ABEE5866B444AD7B1E7B51C1BEC037C56324EE51E4FCD9AC4B2CBB9EBF17F0DF414809A6C718250968921E789E6F45025ABD4B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):168111
                                                                                                                                                              Entropy (8bit):6.586612699667028
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:R+/ZoB/6tYyDMjoE0gtsxYZ4tn5NB/5WGob44j44L4EnkQ4444xvqhfCM/G7vpsT:RsViDpsxCehZC8EmYbykjuyWvO8V9P
                                                                                                                                                              MD5:593DE57A7ABD58E4F31AC663254F85E0
                                                                                                                                                              SHA1:0684301A3B0433B51EBA019C20560090D79EDA15
                                                                                                                                                              SHA-256:3490E4A3CE662DAECCC19AEE199E22833F60A5E0F3743FFC99A80BA9B7BE169C
                                                                                                                                                              SHA-512:2389CCC97199D64AC81D61C0DE67EA25DADEC0BC60B741DE1247E1B718E5559A7348EB7E52E98E9ED7E20970495409FD8B075DC9D7F3EC1FD0F8733FCBACC19B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3928
                                                                                                                                                              Entropy (8bit):4.86616891434286
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:pTgwOsORUjdjTD6QfxWkVIyiVyV2mjuVwwY:Jgw5TjdjTtpWk6ylV2zwwY
                                                                                                                                                              MD5:D8B47B11E300EF3E8BE3E6E50AC6910B
                                                                                                                                                              SHA1:2D5ED3B53072B184D67B1A4E26AEC2DF908DDC55
                                                                                                                                                              SHA-256:C2748E07B59398CC40CACCCD47FC98A70C562F84067E9272383B45A8DF72A692
                                                                                                                                                              SHA-512:8C5F3E1619E8A92B9D9CF5932392B1CB9F77625316B9EEF447E4DCE54836D90951D9EE70FFD765482414DD51B816649F846E40FD07B4FBDD5080C056ADBBAE6F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:#.# This properties file is used to initialize the default.# java.awt.datatransfer.SystemFlavorMap. It contains the Win32 platform-.# specific, default mappings between common Win32 Clipboard atoms and platform-.# independent MIME type strings, which will be converted into.# java.awt.datatransfer.DataFlavors..#.# These default mappings may be augmented by specifying the.#.# AWT.DnD.flavorMapFileURL .#.# property in the appropriate awt.properties file. The specified properties URL.# will be loaded into the SystemFlavorMap..#.# The standard format is:.#.# <native>=<MIME type>.#.# <native> should be a string identifier that the native platform will.# recognize as a valid data format. <MIME type> should specify both a MIME.# primary type and a MIME subtype separated by a '/'. The MIME type may include.# parameters, where each parameter is a key/value pair separated by '=', and.# where each parameter to the MIME type is separated by a ';'..#.# Because SystemFlavorMap implements Flavor
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:raw G3 (Group 3) FAX
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3778
                                                                                                                                                              Entropy (8bit):4.414193396978289
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:iX1WWWWctdpSD55JAQ7Wn6JBl7BWBBTirVYa5qaZcZFRj2:iX1WWWWc3U5OsvfuBTi5KK
                                                                                                                                                              MD5:48B8858D27494A66594B59695D6DC60B
                                                                                                                                                              SHA1:1D3BFF1E17EF6B5563CBD0762C2867B36FBDAD95
                                                                                                                                                              SHA-256:3F1792188AE901ECA47B64728776D35095DC0220D5C929D0DA99A2427877C3B2
                                                                                                                                                              SHA-512:5D814990CFF9F787723C629E22B30A2ABFC9C8DF0A712C2A7CB7B11EC52DDB083CB67C2158EEEA2CC03D763AA308C9A271AC7CB7C88A96E4E4C029DD95B7656C
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):11575
                                                                                                                                                              Entropy (8bit):5.215183795812278
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:XThf+e6a1nsNi8bTeOiO/Ywca9nB2RwhCdvBQGuo6wj:XThflnHIR9B2Rwhifj
                                                                                                                                                              MD5:D4D5981664D4CB0EBCB6F3BF63505B29
                                                                                                                                                              SHA1:4720B7407706F4E0D80CB458194E74F8FC3B83F1
                                                                                                                                                              SHA-256:F13DF9360E93B24820B24652473F6CB0F4F70FC346AA3B408ACB94ED59CAC0AC
                                                                                                                                                              SHA-512:3658FF76C882511E7EE3821BBD31C3CE0D3FF263CE5F69659F54732667CBB9148ADFBD0BBAEA916071E1D38DB671BF6DDAC84DDD3362CFF0DDF21C7CC1240DF2
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:#.# .# Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved..# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER..#.# This code is free software; you can redistribute it and/or modify it.# under the terms of the GNU General Public License version 2 only, as.# published by the Free Software Foundation. Oracle designates this.# particular file as subject to the "Classpath" exception as provided.# by Oracle in the LICENSE file that accompanied this code..#.# This code is distributed in the hope that it will be useful, but WITHOUT.# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or.# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License.# version 2 for more details (a copy is included in the LICENSE file that.# accompanied this code)..#.# You should have received a copy of the GNU General Public License version.# 2 along with this work; if not, write to the Free Software Foundation,.# Inc., 51 Franklin St, Fifth Floor,
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):14959
                                                                                                                                                              Entropy (8bit):3.6828553232288717
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:S8ThI1EgZass+YXdGOS8NhN9Yd9Yq67IwOYUuUS9O0:bThpyJO/BFi9YqAInYUuUmO0
                                                                                                                                                              MD5:7B451352F9F9EAC657D963C5D2921DDA
                                                                                                                                                              SHA1:D8C664AC3E18A044465B4F76311661A4F7F045A2
                                                                                                                                                              SHA-256:3456982DE9EBA535337852F02852E26E4ED197EBD9D8356977E6DA4ED9075538
                                                                                                                                                              SHA-512:822BE7D4E40408DCB0788EFC521FB13EAF3650DB4F934CFBD37D00C0026D35D254CF415D5AD7273C78FCED84A582BCCF101E413C0686095CDDE4BFA93F883E13
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved..# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER..#.# This code is free software; you can redistribute it and/or modify it.# under the terms of the GNU General Public License version 2 only, as.# published by the Free Software Foundation. Oracle designates this.# particular file as subject to the "Classpath" exception as provided.# by Oracle in the LICENSE file that accompanied this code..#.# This code is distributed in the hope that it will be useful, but WITHOUT.# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or.# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License.# version 2 for more details (a copy is included in the LICENSE file that.# accompanied this code)..#.# You should have received a copy of the GNU General Public License version.# 2 along with this work; if not, write to the Free Software Foundation,.# Inc., 51 Franklin St, Fifth Floor, Boston, MA
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1280
                                                                                                                                                              Entropy (8bit):4.9763389414972465
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:RlwQtG0Bf29d3ptAMZGpfFGZWpHN07mBpQKf4TpxV4jp504Tz8pFMafpXs:RlwQM0BfEpZSKyCycXW44Cfy
                                                                                                                                                              MD5:269D03935907969C3F11D43FEF252EF1
                                                                                                                                                              SHA1:713ACB9EFF5F0B14A109E6C2771F62EAC9B57D7C
                                                                                                                                                              SHA-256:7B8B63F78E2F732BD58BF8F16144C4802C513A52970C18DC0BDB789DD04078E4
                                                                                                                                                              SHA-512:94D8EE79847CD07681645D379FEEF6A4005F1836AC00453FB685422D58113F641E60053F611802B0FF8F595B2186B824675A91BF3E68D336EF5BD72FAFB2DCC5
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:#.#.# Cursors Properties file.#.# Names GIF89 sources for Custom Cursors and their associated HotSpots.#.# Note: the syntax of the property name is significant and is parsed.# by java.awt.Cursor.#.# The syntax is: Cursor.<name>.<geom>.File=win32_<filename>.# Cursor.<name>.<geom>.HotSpot=<x>,<y>.#. Cursor.<name>.<geom>.Name=<localized name>.#.Cursor.CopyDrop.32x32.File=win32_CopyDrop32x32.gif.Cursor.CopyDrop.32x32.HotSpot=0,0.Cursor.CopyDrop.32x32.Name=CopyDrop32x32.#.Cursor.MoveDrop.32x32.File=win32_MoveDrop32x32.gif.Cursor.MoveDrop.32x32.HotSpot=0,0.Cursor.MoveDrop.32x32.Name=MoveDrop32x32.#.Cursor.LinkDrop.32x32.File=win32_LinkDrop32x32.gif.Cursor.LinkDrop.32x32.HotSpot=0,0.Cursor.LinkDrop.32x32.Name=LinkDrop32x32.#.Cursor.CopyNoDrop.32x32.File=win32_CopyNoDrop32x32.gif.Cursor.CopyNoDrop.32x32.HotSpot=6,2.Cursor.CopyNoDrop.32x32.Name=CopyNoDrop32x32.#.Cursor.MoveNoDrop.32x32.File=win32_MoveNoDrop32x32.gif.Cursor.MoveNoDrop.32x32.HotSpot=6,2.Cursor.MoveNoDrop.32
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):153
                                                                                                                                                              Entropy (8bit):6.2813106319833665
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                              MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                              SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                              SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                              SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):165
                                                                                                                                                              Entropy (8bit):6.347455736310776
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:CruuU/XExlHrBwM7Qt/wCvTjh2Azr8ptBNKtWwUzJ7Ful5u44JyYChWn:KP0URwMcx3UAzADBNwUlBul5TLYMWn
                                                                                                                                                              MD5:89CDF623E11AAF0407328FD3ADA32C07
                                                                                                                                                              SHA1:AE813939F9A52E7B59927F531CE8757636FF8082
                                                                                                                                                              SHA-256:13C783ACD580DF27207DABCCB10B3F0C14674560A23943AC7233DF7F72D4E49D
                                                                                                                                                              SHA-512:2A35311D7DB5466697D7284DE75BABEE9BD0F0E2B20543332FCB6813F06DEBF2457A9C0CF569449C37F371BFEB0D81FB0D219E82B9A77ACC6BAFA07499EAC2F7
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:GIF89a.. ................!.......,...... ...vL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj........k.-mF.. V..9'......f.T....w.xW.B.....P..;
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):153
                                                                                                                                                              Entropy (8bit):6.2813106319833665
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                              MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                              SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                              SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                              SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):168
                                                                                                                                                              Entropy (8bit):6.465243369905675
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:CruuU/XExlHrZauowM7Qt/wCvTjh2Azr8ptBNKtWwUzJZmQYRNbC1MIQvEn:KP0UpawMcx3UAzADBNwUlZaCzn
                                                                                                                                                              MD5:694A59EFDE0648F49FA448A46C4D8948
                                                                                                                                                              SHA1:4B3843CBD4F112A90D112A37957684C843D68E83
                                                                                                                                                              SHA-256:485CBE5C5144CFCD13CC6D701CDAB96E4A6F8660CBC70A0A58F1B7916BE64198
                                                                                                                                                              SHA-512:CF2DFD500AF64B63CC080151BC5B9DE59EDB99F0E31676056CF1AFBC9D6E2E5AF18DC40E393E043BBBBCB26F42D425AF71CCE6D283E838E67E61D826ED6ECD27
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:GIF89a.. ................!.......,...... ...yL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj........k.-mF.6.'.....`1]......u.Q.r.V..C......f.P..;
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):153
                                                                                                                                                              Entropy (8bit):6.2813106319833665
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                              MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                              SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                              SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                              SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):147
                                                                                                                                                              Entropy (8bit):6.147949937659802
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:CruuU/XExlHrSauZKwM7Qt/wCvTjh2Azr8ptBNKtWXOh6WoXt2W:KP0UvEKwMcx3UAzADBNXOh6h9p
                                                                                                                                                              MD5:CC8DD9AB7DDF6EFA2F3B8BCFA31115C0
                                                                                                                                                              SHA1:1333F489AC0506D7DC98656A515FEEB6E87E27F9
                                                                                                                                                              SHA-256:12CFCE05229DBA939CE13375D65CA7D303CE87851AE15539C02F11D1DC824338
                                                                                                                                                              SHA-512:9857B329ACD0DB45EA8C16E945B4CFA6DF9445A1EF457E4B8B40740720E8C658301FC3AB8BDD242B7697A65AE1436FD444F1968BD29DA6A89725CDDE1DE387B8
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:GIF89a.. ................!.......,...... ...dL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj.....-.kj..m.....X,&.......S..;
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):153
                                                                                                                                                              Entropy (8bit):6.2813106319833665
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                              MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                              SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                              SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                              SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):97684
                                                                                                                                                              Entropy (8bit):7.891576265101975
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:yzVeNOC2BVP8atTy3Du94Yt6se6sjFyYGi/VCnU0w/bLL511bswsJ/GKMzF9uvyY:lj2BVPUu94GGjgGVCWF11bsfcrK
                                                                                                                                                              MD5:71853F0B9352A5EA4697200B78B65205
                                                                                                                                                              SHA1:5B0BD0B8693FC7ED5700FFC4C089817D37B8255F
                                                                                                                                                              SHA-256:E331D24D47DEEDE7164B9B5F905C2EB7ED9DF714B07BB4AF459B877DD9DE8D64
                                                                                                                                                              SHA-512:104A0DF5B3BB77A554B18A8E8C9CEA2736FF39C25D1B429642A10D1D921CE1F4252EF4D9ADB0B503502992E56A50FB39D65F90AB8127269F108F9914A8E22A7F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:PK.........U.R................META-INF/......PK..............PK.........U.R................META-INF/MANIFEST.MFu.AK.1.....9*.X.Ts..V..+^%dg!.L.d.t....j.z..x.{..|...3.......)....Hly:.'........G...|N4Cg.I.R/^..J.}..w.}..l.![...).)..~...`.K9B.k.....\...KQ.aB6GF.....).u.<j......)..-c.V..e.....`?..X..!./..1.......PK...%P....q...PK.........T.R............&...javax/crypto/AEADBadTagException.classm..J.@....[$............."Bk..d(#qR.T.c.*...|.....?A\..s~..w..}...8D.F.+FV-.YX'Tc.)..2.U....&.:.....W.S..<....l~..gJ..m.\'.%..WZ.L.F2..Q.N........;.$Rz|j.. .F..T..h.......7..$.'..X.6......9^.4IB..".......A.Y.5@.B.....2X.E....N.'..7..4Pb...Z|.^.......I..#...q.1;.....PK..|99.........PK.........T.R............&...javax/crypto/BadPaddingException.classmOKJ.A.........+.Bb.G!+..... B4..L.Z..3#..<....<.{..E..Cp!...W........@.u.9,YX.b..UB-.F.` M.B}wyJ.+B...(.:.. .......L(.*..cB..= ./....:y.Js+..+.f.^<.7.z..c...c.N?L.'.5....F.>/.&.....].+.....a....3.q...$.[iU$..x.^H-.....
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1922222
                                                                                                                                                              Entropy (8bit):5.953859640012299
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:zerrFNscXI7N6xUx6lysoWkId+0i7cWkosIpImfDX9rt:zqrgF6lHx+xkoxXRrt
                                                                                                                                                              MD5:F6F84176EF383688B6C8EBA60336A57C
                                                                                                                                                              SHA1:F2C7E6A66C7C34D4C0005C89A533454EECF9B007
                                                                                                                                                              SHA-256:3DAB1640802F083348C4AB929BFE2E4C8FE7757236B4550A81679D93CF0ED114
                                                                                                                                                              SHA-512:AEAF0DA0334882B80B28DE29D5F2A0E40BA8AE8D1FCD67E67AB0A3EE8B2948D2E6DF6C153EA860871D5CF2EC5B97484A6C3050B9446E6D2249C353DD488DD5B8
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:PK.........U.R .M0...0.......META-INF/MANIFEST.MF....Manifest-Version: 1.0..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_292..Specification-Vendor: Oracle Corporation..Specification-Title: Java Platform API Specification..Specification-Version: 1.8..Created-By: 1.8.0_282 (Azul Systems, Inc.)..Implementation-Vendor: N/A....PK.........U.RJ..E...E...+...com/sun/net/ssl/internal/ssl/Provider.class.......4.....()V...()Z...<init>...J..%com/sun/net/ssl/internal/ssl/Provider...install...isFIPS...serialVersionUID...sun/security/ssl/SunJSSE.,..c".J-.........(Ljava/lang/String;)V...(Ljava/security/Provider;)V...........................................Code...ConstantValue...LineNumberTable...Provider.java...SourceFile.1.......................................!........*...................)...*............."........*+......................./............."........*+...................3...4.).......................................8.)...................................
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):374065
                                                                                                                                                              Entropy (8bit):6.656050284718198
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:NW31G1XEPjwafKNYge+i0mca9KZfH9D0GCCCCbNuamI+o3Uz3U5am8zEXECb1kb2:w3EhafeYg3cceKZfHTuf55rkA8
                                                                                                                                                              MD5:048AFC64953480883554A6B3135DE599
                                                                                                                                                              SHA1:A7C088C61B0178661012F10802E2DE4D3EAEC762
                                                                                                                                                              SHA-256:E935FA86AED1296E44C9B59AEEE8D75FD8670D6CE23C1ED418E9AF8CC862E9E2
                                                                                                                                                              SHA-512:D6ADBA78DE8FB253F350D1098C54D0824A01E212C6499D8A666A26ED450CEA4A2F6413AC9F47717D7781F25D5AC4BAC61E094AB1BA199D556EA8E789FDD48224
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Algol 68 source, ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4226
                                                                                                                                                              Entropy (8bit):4.708892688554676
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:CYrYJDrYJ+RvJ3z3d9uGG7hPxTRnhTbraYfwE5DyK:CYrsDrsgvJ3z3buGG7LvSmhDz
                                                                                                                                                              MD5:C677FF69E70DC36A67C72A3D7EF84D28
                                                                                                                                                              SHA1:FBD61D52534CDD0C15DF332114D469C65D001E33
                                                                                                                                                              SHA-256:B055BF25B07E5AC70E99B897FB8152F288769065B5B84387362BB9CC2E6C9D38
                                                                                                                                                              SHA-512:32D82DAEDBCA1988282A3BF67012970D0EE29B16A7E52C1242234D88E0F3ED8AF9FC9D6699924D19D066FD89A2100E4E8898AAC67675D4CD9831B19B975ED568
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions.are met:.. - Redistributions of source code must retain the above copyright. notice, this list of conditions and the following disclaimer... - Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... - Neither the name of Oracle nor the names of its. contributors may be used to endorse or promote products derived. from this software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS.IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,.THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR.PURPOSE ARE DISCLAIMED.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2455
                                                                                                                                                              Entropy (8bit):4.47026133037931
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:EmdS5PQQL8pRNYHjVsnkYXxtOGh1xdvjMgxH:G9NL3HjVLG1XrM8H
                                                                                                                                                              MD5:809C50033F825EFF7FC70419AAF30317
                                                                                                                                                              SHA1:89DA8094484891F9EC1FA40C6C8B61F94C5869D0
                                                                                                                                                              SHA-256:CE1688FE641099954572EA856953035B5188E2CA228705001368250337B9B232
                                                                                                                                                              SHA-512:C5AA71AD9E1D17472644EB43146EDF87CAA7BCCF0A39E102E31E6C081CD017E01B39645F55EE87F4EA3556376F7CAD3953CE3F3301B4B3AF265B7B4357B67A5C
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:############################################################.# .Default Logging Configuration File.#.# You can use a different file by specifying a filename.# with the java.util.logging.config.file system property. .# For example java -Djava.util.logging.config.file=myfile.############################################################..############################################################.# .Global properties.############################################################..# "handlers" specifies a comma separated list of log Handler .# classes. These handlers will be installed during VM startup..# Note that these classes must be on the system classpath..# By default we only configure a ConsoleHandler, which will only.# show messages at the INFO and above levels..handlers= java.util.logging.ConsoleHandler..# To also add the FileHandler, use the following line instead..#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler..# Default global logging level..# This
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):382
                                                                                                                                                              Entropy (8bit):4.956380823261728
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:5j13lkB4r/Rj13lczbdy/zsOw1a3fUaUZTXZ5vTxx13lqm4x13dl5lgxmzbdGh/7:5j13lkGJj13l4qzjy8fuTfTxn3lOn3de
                                                                                                                                                              MD5:378BC61C3E065400B48E5C00142AAE8E
                                                                                                                                                              SHA1:1163433B8A8F6BAB795AFF2BB0FE52C54BE95F27
                                                                                                                                                              SHA-256:6651C2A110AD51863EF6F2C89F6F00E833AD7D67F58D2C0D352FA4CA32701D85
                                                                                                                                                              SHA-512:3BAE337484C328CEE8757439D335536D2DE69CD2CD66E22AD34B6D351592365212989B1D51888B0CD7EE5571670BC27FCEFA057A16BA2151731965E640E08B9F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:PK.........U.R................META-INF/......PK..............PK.........U.R................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3...(J.M...u.I,..R(....M.KLO.M.+.sL...\`........].J...z..F.F...U.9....%...:..y.z..\.\.PK..8*.Pl.......PK...........U.R..............................META-INF/....PK...........U.R8*.Pl.....................=...META-INF/MANIFEST.MFPK..........}.........
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3998
                                                                                                                                                              Entropy (8bit):4.420205717459709
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:OWi7j79eK8MCN/xK4ijnv+wtosJj/D9mQyZWZuQgQX+dv:OWiv7b8rNXE+wusxr9m5WZuVDv
                                                                                                                                                              MD5:F63BEA1F4A31317F6F061D83215594DF
                                                                                                                                                              SHA1:21200EAAD898BA4A2A8834A032EFB6616FABB930
                                                                                                                                                              SHA-256:439158EB513525FEDA19E0E4153CCF36A08FE6A39C0C6CEEB9FCEE86899DD33C
                                                                                                                                                              SHA-512:DE49913B8FA2593DC71FF8DAC85214A86DE891BEDEE0E4C5A70FCDD34E605F8C5C8483E2F1BDB06E1001F7A8CF3C86CAD9FA575DE1A4DC466E0C8FF5891A2773
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:######################################################################.# Default Access Control File for Remote JMX(TM) Monitoring.######################################################################.#.# Access control file for Remote JMX API access to monitoring..# This file defines the allowed access for different roles. The.# password file (jmxremote.password by default) defines the roles and their.# passwords. To be functional, a role must have an entry in.# both the password and the access files..#.# The default location of this file is $JRE/lib/management/jmxremote.access.# You can specify an alternate location by specifying a property in .# the management config file $JRE/lib/management/management.properties.# (See that file for details).#.# The file format for password and access files is syntactically the same.# as the Properties file format. The syntax is described in the Javadoc.# for java.util.Properties.load..# A typical access file has multiple lines, where each
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2856
                                                                                                                                                              Entropy (8bit):4.492265087792545
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:MGS+Hpamow7YNkjP9YZAuFovuAnNpG1GMV/BWEUHXYE9nN6k5:Mdm7RT9tvuAnujaE0rN6g
                                                                                                                                                              MD5:7B46C291E7073C31D3CE0ADAE2F7554F
                                                                                                                                                              SHA1:C1E0F01408BF20FBBB8B4810520C725F70050DB5
                                                                                                                                                              SHA-256:3D83E336C9A24D09A16063EA1355885E07F7A176A37543463596B5DB8D82F8FA
                                                                                                                                                              SHA-512:D91EEBC8F30EDCE1A7E16085EB1B18CFDDF0566EFAB174BBCA53DE453EE36DFECB747D401E787A4D15CC9798E090E19A8A0CF3FC8246116CE507D6B464068CDB
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:# ----------------------------------------------------------------------.# Template for jmxremote.password.#.# o Copy this template to jmxremote.password.# o Set the user/password entries in jmxremote.password.# o Change the permission of jmxremote.password to read-only.# by the owner..#.# See below for the location of jmxremote.password file..# ----------------------------------------------------------------------..##############################################################.# Password File for Remote JMX Monitoring.##############################################################.#.# Password file for Remote JMX API access to monitoring. This.# file defines the different roles and their passwords. The access.# control file (jmxremote.access by default) defines the allowed.# access for each role. To be functional, a role must have an entry.# in both the password and the access files..#.# Default location of this file is $JRE/lib/management/jmxremote.password.# You
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):14630
                                                                                                                                                              Entropy (8bit):4.568210341404396
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:Fqsmpsj42wbZTHV+Dq3xtP3xPqaNC/R1a:wsmpsjL0ZTHV++3xtpi68Xa
                                                                                                                                                              MD5:5EDB0D3275263013F0981FF0DF96F87E
                                                                                                                                                              SHA1:E0451D8D7D9E84D7B1C39EC7D00993307A5CBBF1
                                                                                                                                                              SHA-256:3A923735D9C2062064CD8FD30FF8CCA84D0BC0AB5A8FAB80FDAD3155C0E3A380
                                                                                                                                                              SHA-512:F31A3802665F9BB1A00A0F838B94AE4D9F1B9D6284FAF626EBE4F96819E24494771A1B8BFE655FD2DA202C5463D47BAE3B2391764E6F4C5867C0337AA21C87C1
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:#####################################################################.#.Default Configuration File for Java Platform Management.#####################################################################.#.# The Management Configuration file (in java.util.Properties format).# will be read if one of the following system properties is set:.# -Dcom.sun.management.jmxremote.port=<port-number>.# or -Dcom.sun.management.snmp.port=<port-number>.# or -Dcom.sun.management.config.file=<this-file>.#.# The default Management Configuration file is:.#.# $JRE/lib/management/management.properties.#.# Another location for the Management Configuration File can be specified.# by the following property on the Java command line:.#.# -Dcom.sun.management.config.file=<this-file>.#.# If -Dcom.sun.management.config.file=<this-file> is set, the port.# number for the management agent can be specified in the config file.# using the following lines:.#.# ################ Management Agent Port ################
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3376
                                                                                                                                                              Entropy (8bit):4.371600962667748
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:MkX7W6+IX6XXZAHAvuAn97+onkFOqRCjEhd//SVBteM8hq/unuxsIsxuEAJw2n:MU6bpjvuAnEokSIU/uuxJn
                                                                                                                                                              MD5:71A7DE7DBE2977F6ECE75C904D430B62
                                                                                                                                                              SHA1:2E9F9AC287274532EB1F0D1AFCEFD7F3E97CC794
                                                                                                                                                              SHA-256:F1DC97DA5A5D220ED5D5B71110CE8200B16CAC50622B33790BB03E329C751CED
                                                                                                                                                              SHA-512:3A46E2A4E8A78B190260AFE4EEB54E7D631DB50E6776F625861759C0E0BC9F113E8CD8D734A52327C28608715F6EB999A3684ABD83EE2970274CE04E56CA1527
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:# ----------------------------------------------------------------------.# Template for SNMP Access Control List File.#.# o Copy this template to snmp.acl.# o Set access control for SNMP support.# o Change the permission of snmp.acl to be read-only.# by the owner..#.# See below for the location of snmp.acl file..# ----------------------------------------------------------------------..############################################################.# SNMP Access Control List File .############################################################.#.# Default location of this file is $JRE/lib/management/snmp.acl..# You can specify an alternate location by specifying a property in .# the management config file $JRE/lib/management/management.properties.# or by specifying a system property (See that file for details)..#...##############################################################.# File permissions of the snmp.acl file.##############################################
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2657
                                                                                                                                                              Entropy (8bit):4.956572925418022
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:EE796OfeN4CBymXg5iRJtPm7M8Z3KJT2VSQifDGr87KA1U:Enr4uymXg5iRrPmA8xKJT2VSvfDz7KGU
                                                                                                                                                              MD5:568CDFA1DBBFB0322C1DEEC272704AC6
                                                                                                                                                              SHA1:122A8A3C7C612D9EC613C673078707C30E5FF295
                                                                                                                                                              SHA-256:A20767D8F612A84B037E96A4094F0CE3B03C41921A5F49D2D57B508A809BE837
                                                                                                                                                              SHA-512:5CF92E845D073A73CFDA3D21BCD1F4A398BC4F7BA72482F8BD7EFED4FC3F136BB60344DCD85613484D9FF150083F587102FD9BBC6F3E74DFEC72BE4F70EDF90F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..# charsets.jar..sun/awt..sun/nio..# crs-agent.jar..META-INF/maven/com.azul.crs/crs-json-tool/pom.xml..META-INF/maven/com.azul.crs/crs-json-tool/pom.properties..META-INF/maven/com.azul.crs/crs-log/pom.properties..com/azul/..META-INF/maven/com.azul.crs/crs-z-agent/pom.xml..META-INF/maven/com.azul.crs/crs-client/pom.xml..META-INF/maven/com.azul.crs/crs-client/pom.properties..META-INF/maven/com.azul.crs/crs-shared-client-client/pom.properties..META-INF/maven/com.azul.crs/crs-shared-client-client/pom.xml..META-INF/maven/com.azul.crs/crs-z-agent/pom.properties..META-INF/crslog.channels.cfg..META-INF/maven/com.azul.crs/crs-log/pom.xml..! jce.jar..javax/crypto..sun/security..# jfr.jar..jdk/management..jdk/jfr..! jsse.jar..com/sun/net/..sun/security..! management-agent.jar..@ resources.jar..META-INF/services/javax.sound.sampled.spi.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):5352
                                                                                                                                                              Entropy (8bit):4.817652960703195
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:6AcEvVEtGObfObz3Obm0ObPOnte3CO0V+r/aJ7SFvgTzDuBnZky:YEVGG4f4z34m04Pet5m27SRgTe9f
                                                                                                                                                              MD5:8BC6628D01BAD30798440CC00F638165
                                                                                                                                                              SHA1:FD9471742EB759F4478BB1DE9A0DC0527265B6EA
                                                                                                                                                              SHA-256:31CE7CE29C66A1696A985A197195B5E051B2C243EA83E9D1DE614F0C4B4F7530
                                                                                                                                                              SHA-512:8DA3439774A07A6309F985D1A29DDA5383975BBDF6B8E2809BAB69A2C44F65D3DE2A546231ED6E183864193F834C9A7042FDCC4EE10181D0BD3891363032C242
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:############################################################.# Default Networking Configuration File.#.# This file may contain default values for the networking system properties..# These values are only used when the system properties are not specified.# on the command line or set programatically..# For now, only the various proxy settings can be configured here..############################################################..# Whether or not the DefaultProxySelector will default to System Proxy.# settings when they do exist..# Set it to 'true' to enable this feature and check for platform.# specific proxy settings.# Note that the system properties that do explicitely set proxies.# (like http.proxyHost) do take precedence over the system settings.# even if java.net.useSystemProxies is set to true...java.net.useSystemProxies=false..#------------------------------------------------------------------------.# Proxy configuration for the various protocol handlers..# DO NOT uncomment th
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3793
                                                                                                                                                              Entropy (8bit):5.260880283220047
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:R8grHIty/qHh+m2YPOWK89HoIbTUjbyuJdI2FylXLr96cpcnnI0adbEk+IqdouZ:yg8ThI1Y6CiPFylXLrMGyJU+B
                                                                                                                                                              MD5:D4C735BF5756759A1C3BC8DE408629FC
                                                                                                                                                              SHA1:67C15E05A398B4CE6409D530A058F7E1B2208C20
                                                                                                                                                              SHA-256:5A4BD51B969BF187FF86D94F4A71FDFBFA602762975FA3C73D264B4575F7C78F
                                                                                                                                                              SHA-512:8124B25DECFA64A65433FF2CE1F0F7BDF304ABE2997568ABC35264A705F07152AA993B543DA37C4132B4B1B606743C825C90A0EB17B268518D478F5CF0889062
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:#.#.# Copyright (c) 1996, 2000, Oracle and/or its affiliates. All rights reserved..# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER..#.# This code is free software; you can redistribute it and/or modify it.# under the terms of the GNU General Public License version 2 only, as.# published by the Free Software Foundation. Oracle designates this.# particular file as subject to the "Classpath" exception as provided.# by Oracle in the LICENSE file that accompanied this code..#.# This code is distributed in the hope that it will be useful, but WITHOUT.# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or.# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License.# version 2 for more details (a copy is included in the LICENSE file that.# accompanied this code)..#.# You should have received a copy of the GNU General Public License version.# 2 along with this work; if not, write to the Free Software Foundation,.# Inc., 51 Franklin St, Fifth Floor, B
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):11390
                                                                                                                                                              Entropy (8bit):5.012862319190609
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:FTh7Pwn+Cyub3Ee4OECKDIcYOhAgZ50OKDQLT2IcpRuWRbHr9NRXUh/QTv9Ho39I:FThTxzubEFOEscAW5VKsCfHz8RPxGt
                                                                                                                                                              MD5:17B15D370018ACC01550175882C7DA91
                                                                                                                                                              SHA1:4EDD9E0FC3D30FBDCABCDCAAB3BC0B3157FC881E
                                                                                                                                                              SHA-256:780C565D5AF3EE6F68B887B75C041CDF46A0592F67012F12EEB691283E92630A
                                                                                                                                                              SHA-512:E4EE92D4598385CB2F6F3A4DB91DDABD7E615DC105ED26CDC5B5598D01C526CEA7726FF93F92A308350229F2E5A5DD64CC0C38865DD97666368A330B410D4892
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:#.#.# Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved..# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER..#.# This code is free software; you can redistribute it and/or modify it.# under the terms of the GNU General Public License version 2 only, as.# published by the Free Software Foundation. Oracle designates this.# particular file as subject to the "Classpath" exception as provided.# by Oracle in the LICENSE file that accompanied this code..#.# This code is distributed in the hope that it will be useful, but WITHOUT.# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or.# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License.# version 2 for more details (a copy is included in the LICENSE file that.# accompanied this code)..#.# You should have received a copy of the GNU General Public License version.# 2 along with this work; if not, write to the Free Software Foundation,.# Inc., 51 Franklin St, Fifth Floor, Boston,
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3518599
                                                                                                                                                              Entropy (8bit):6.067553438989829
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:6k07pJDHxk7i2H9ER5Ecwup6s4zCd0nbDpEQbIFGEILmPVeawDeEBGSmPh8DIII/:BKlEw
                                                                                                                                                              MD5:8EBCC8E887ACEB4730DABDE8D9BE30FE
                                                                                                                                                              SHA1:11EDF4DE7C57E611E3B0592AE8D14851EAB0656C
                                                                                                                                                              SHA-256:21C5E43EB5C462CFAF8BC001D52D158B7A43B684885054D3EE7AEE112B688999
                                                                                                                                                              SHA-512:8C61A19CFEE3E50B4DE4F9D75484C442D81576A922AAF14D412DB3192161ADF30B8D79F9D55DEC66D7298D0BD79B0B74400114816D204D6AEBE3B36BACB8B9D4
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:PK.........U.R................META-INF/....PK.........U.R .M0...0.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_292..Specification-Vendor: Oracle Corporation..Specification-Title: Java Platform API Specification..Specification-Version: 1.8..Created-By: 1.8.0_282 (Azul Systems, Inc.)..Implementation-Vendor: N/A....PK........VT.R....$...$.......META-INF/mailcap.default#.# This is a very simple 'mailcap' file.#.image/gif;;..x-java-view=com.sun.activation.viewers.ImageViewer.image/jpeg;;..x-java-view=com.sun.activation.viewers.ImageViewer.text/*;;..x-java-view=com.sun.activation.viewers.TextViewer.text/*;;..x-java-edit=com.sun.activation.viewers.TextEditor.PK........VT.R..{~2...2.......META-INF/mimetypes.default#.# A simple, old format, mime.types file.#.text/html..html htm HTML HTM.text/plain..txt text TXT TEXT.image/gif..gif GIF.image/ief..ief.image/jpeg..jpeg jpg jpe JPG.image/tiff..tiff tif.image/x-xwindo
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):63094732
                                                                                                                                                              Entropy (8bit):6.001405509443261
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:393216:9oGPA0w3QOBD+FIanklJC3uKqr5X3bPhm5KyQDWx1a:9oGPA0VOYD9Fqr5X3bPhm5KyQDWx1a
                                                                                                                                                              MD5:23DEE8AF220EF5456F13243B12E32F34
                                                                                                                                                              SHA1:80178198D2DE7EDDF8CD326F9AEEB76D68964EB1
                                                                                                                                                              SHA-256:0765806EF391CE68770CE1456DBA66541C73F49BBD13AB1009A8D2AA8C915C29
                                                                                                                                                              SHA-512:F68E75994DCEFC504334E054FD852A754441F3E748D7F2FDF7C064660DF85DABE5402B6377E623E68D715723904364197A5F59F3B95B15DC3B88FC1B32556301
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:PK.........U.R.\..............META-INF/MANIFEST.MF....Manifest-Version: 1.0..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_292..Specification-Vendor: Oracle Corporation..Specification-Title: Java Platform API Specification..Specification-Version: 1.8..Created-By: 1.8.0_282 (Azul Systems, Inc.)..Implementation-Vendor: N/A....Name: javax/swing/JRadioButton.class..Java-Bean: True....Name: javax/swing/JTextPane.class..Java-Bean: True....Name: javax/swing/JWindow.class..Java-Bean: True....Name: javax/swing/JRadioButtonMenuItem.class..Java-Bean: True....Name: javax/swing/JDialog.class..Java-Bean: True....Name: javax/swing/JSlider.class..Java-Bean: True....Name: javax/swing/JMenuBar.class..Java-Bean: True....Name: javax/swing/JList.class..Java-Bean: True....Name: javax/swing/JTable.class..Java-Bean: True....Name: javax/swing/JTextArea.class..Java-Bean: True....Name: javax/swing/JTabbedPane.class..Java-Bean: True....Name: javax/swing/JPanel.class..Java-Bean: Tru
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:JAR compressed with pack200, version -85.0
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):16432129
                                                                                                                                                              Entropy (8bit):6.581214260122544
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:196608:auLt6KSgAA4DAVQPZbnevjz0V8NtaJTTFmFkoll/o:LQKPAA4DAVQPZbnevjIAkollg
                                                                                                                                                              MD5:D538BEEF841A0BF0BD057E663FA74048
                                                                                                                                                              SHA1:3F1A1351B0E66357F7A2F9F9BC85C1A7606F2FA3
                                                                                                                                                              SHA-256:D97E1A6356E7531E94C1A4457D9E3F41141408A397D4B06F5618D34CB50B423B
                                                                                                                                                              SHA-512:3AEFD51AEA1C1274AC2CD5B9716D8B198B79FE39D5D4B218ED3A23D159A75C9C35F13A59F0D9BDBC41B3D72EAB23454FC7478868DF6831FCABF64727125508BB
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2488
                                                                                                                                                              Entropy (8bit):4.089749677426746
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:NvY6cQYAcJrrDQPUs4M4eKaZp2bKj4j/DCxqhDlCEof4eS/b:NvY6meUTM4eKaZp2Hj/M8CEO4eQ
                                                                                                                                                              MD5:19E78890D61C0DFC65B291341C08BEBA
                                                                                                                                                              SHA1:EE0288462FC32992A0F9DFAB5AEB3385412F0C4F
                                                                                                                                                              SHA-256:96572F243F31C2EF81A6E627542E596F6A9295CFF3C7AE095C1B595CB1457DED
                                                                                                                                                              SHA-512:C6D8D4EE0EB7EEB14532512FF4310DFF9DD4F31D112716FC67A1052D37EEF18D4BD6EB58301C76167AD35D31E73F5B28993F4DA8C5DE2DBE3836A5EF7E9C8B7E
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:Algorithm
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Java KeyStore
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):161500
                                                                                                                                                              Entropy (8bit):7.640849249254984
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:2FWRR6Upv9N0Wju14H1UbiEJ2vtCU9ly8pqrtV+SLZ:xyUpv9zjb1gJ2F5pqJV+6
                                                                                                                                                              MD5:3C75635BF0BDC4AF0ED6FE0B24FD28DB
                                                                                                                                                              SHA1:29328FC6B4DA24F66E4DC8D6BBAD2D3CCC185F4D
                                                                                                                                                              SHA-256:29DC7D02D3EEBC9B5E9F3CB8783C4ADCE394E45C8EE00BF311DA28955F9DDEF7
                                                                                                                                                              SHA-512:A09D6AA19C2C6201E0B5E6AC491FC7B1ACE17B8C4669202032B9401922A387EB13BDE7778F63B2A85A88DF63589AFF350642467E6FDBACB229D30E367BA8EF36
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:................."cert_100_trustcor_rootcert_ca_1100...x..6...X.509...40..00.............q....0...*.H........0..1.0...U....PA1.0...U....Panama1.0...U....Panama City1$0"..U....TrustCor Systems S. de R.L.1'0%..U....TrustCor Certificate Authority1.0...U....TrustCor RootCert CA-10...160204123216Z..291231172316Z0..1.0...U....PA1.0...U....Panama1.0...U....Panama City1$0"..U....TrustCor Systems S. de R.L.1'0%..U....TrustCor Certificate Authority1.0...U....TrustCor RootCert CA-10.."0...*.H.............0..............&.k3..@X..Y.......P{.. &.2..#TI%."..F...N..,.8..%h..Z....H...t>i..x.....^...'zR.-..a$.....R..$....~.t...l)..Q...W.....$K*......~B:...S.h..L.p?.J,..&.ci....N.G.....M.ln.`...!....s..w.E.Z&.fvv...am.U...Vr.......d..Z..p.$..(.+.j..z..y..e.......c0a0...U.......kI<z?........s3P.0...U.#..0....kI<z?........s3P.0...U.......0....0...U...........0...*.H.............%........S.-D)...k1.M...=\Ao.+$.y.:86..f.H....=....u? ..r.U.Md.....3..).....t..}r..\......f..f;..:.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2567
                                                                                                                                                              Entropy (8bit):4.45603018852527
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:hjrUah3ontU2H+h/ic1mo8vwwQcNpIjLSkLuodAZdgh1ykt0wSDW:R4fc17wVNwltJKW
                                                                                                                                                              MD5:FB70580FC6A4B1DA1107E311ECD24550
                                                                                                                                                              SHA1:0F5615748A51CDA1D38882866D6D330B52681507
                                                                                                                                                              SHA-256:C22944481DEAB4FD7C2B7668FC9AAEDF28B2424EDD71C1FBD13100FC2A5621E6
                                                                                                                                                              SHA-512:4BA81B7F3A70846244CE486514ADACC6BECFBC702AA6E7EBF1291987EC0DCEBC6A99B126D7AA3809B65472CB4C86562C612AE1A71CB888DB75F1934C9E2D4C64
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.// Standard extensions get all permissions by default..grant codeBase "file:${{java.ext.dirs}}/*" {. permission java.security.AllPermission;.};..// default permissions granted to all domains..grant {. // Allows any thread to stop itself using the java.lang.Thread.stop(). // method that takes no argument.. // Note that this permission is granted by default only to remain. // backwards compatible.. // It is strongly recommended that you either remove this permission. // from this policy file or further restrict it to code sources. // that you specify, because Thread.stop() is potentially unsafe.. // See the API specification of java.lang.Thread.stop() for more. // information.. permission java.lang.RuntimePermission "stopThread";.. // allows anyone to listen on dynamic ports. permission java.net.SocketPermission "localhost:0", "listen";.. // "standard" properies that can be read by anyone..
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):51160
                                                                                                                                                              Entropy (8bit):4.830086828515538
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:Y8obod6U3O5O9Wgw2+JuN2gQ01pdYRk0z+6qLWHo69QZW93jfGgqcNhXLJyP1zV9:Y2pD2xz+6qLWI1Ze6hczoP1KkJwQ/
                                                                                                                                                              MD5:0BAD2B7D641170EF24F1820892DB1895
                                                                                                                                                              SHA1:3032321DAC0EEDAD0FD39ECBCFDE67CD2136518C
                                                                                                                                                              SHA-256:1D1C9591EBE5C4C679CCEC83DAAA66A223C2C5304801B37602F95A3671701426
                                                                                                                                                              SHA-512:AFBF39C08043EE163A253C3905822BE0368BF836DA495E3BD088D4F47A1C5C7306074D8DEC366BE02A8D1E62D70EC70D89FA85267B8203E5A3257DE95F266108
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:#.# This is the "master security properties file"..#.# An alternate java.security properties file may be specified.# from the command line via the system property.#.# -Djava.security.properties=<URL>.#.# This properties file appends to the master security properties file..# If both properties files specify values for the same key, the value.# from the command-line properties file is selected, as it is the last.# one loaded..#.# Also, if you specify.#.# -Djava.security.properties==<URL> (2 equals),.#.# then that properties file completely overrides the master security.# properties file..#.# To disable the ability to specify an additional properties file from.# the command line, set the key security.overridePropertiesFile.# to false in the master security properties file. It is set to true.# by default...# In this file, various security properties are set for use by.# java.security classes. This is where users can statically register.# Cryptography Package Providers ("providers" fo
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):895
                                                                                                                                                              Entropy (8bit):4.672159987972357
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:zc6sdx7nRycpTbr8OwoJP41a+SR3hcUP8sC84:65pXYfoJQfSVXi
                                                                                                                                                              MD5:AA64EF4751231E23D788E2CF0781FAB8
                                                                                                                                                              SHA1:1D78FE7D2C0432C8E6B367935D75CD9CC5F0BA67
                                                                                                                                                              SHA-256:F34EC2ACE81A667231BC8BE9D952A269B7840182308A53613DD3E950673A284C
                                                                                                                                                              SHA-512:9D138D9FC58FA22F0A3AE3CA6BD9C3C9EF9D8E4837C5AEAE2FD44DA8352D44B2C7506D30ABBB0C156E5F28E1CAC7E22E60697EE91CB56A265C428237C3C4E341
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:#.# This is the Legacy8uJSSE provider security properties file..#.# This property file replaces standard SunJSSE provider with Legacy8uJSSE.# provider to fallback TLSv1.2 protocol functionality..# legacy8ujsse.security properties file may be specified.# from the command line via the system property.#.# -Djava.security.properties=<Path to openjsse.security>.#.# This properties file appends to the master security properties file..# If both properties files specify values for the same key, the value.# from the command-line properties file is selected, as it is the last.# one loaded..#.# Also, if you specify.#.# -Djava.security.properties==<URL> (2 equals),.#.# then that properties file completely overrides the master security.# properties file..#..#.# Legacy8uJSSE security provider in place of SunJSSE provider:.#.security.provider.4=org.openjsse.legacy8ujsse.net.ssl.Legacy8uJSSE.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):861
                                                                                                                                                              Entropy (8bit):4.625004256741321
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:LHPBsZrIXY7nRgvFtwxp3CxSqua6tD/Or8OwbsZbsuCDs87tCUaqF7qJwYUr/sRx:1sdx7nR9/Ulr8OwoJP41a+SR3u4P8sj
                                                                                                                                                              MD5:E31CE3042128DB15A82B3EE52BF8F5B1
                                                                                                                                                              SHA1:521CB789EF0BEE21FB48182CD3B1265DD621F471
                                                                                                                                                              SHA-256:982D1D26E79A9108464E5928E043D8097BDFBA7CBCC6C2E13AD40D1FDCC2DCA0
                                                                                                                                                              SHA-512:76F291EDC30F95DBC22B365DDC85A11581199BACC34BC047861B696953BED26B9FD2098D14F16267622C219B53EEA7794F9CF8F0D16CF3ED22B1B4DA473B380A
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:#.# This is the OpenJSSE provider security properties file..#.# This property file replaces standard SunJSSE provider with OpenJSSE.# provider to enable TLSv1.3 protocol functionality..# azul.java.security properties file may be specified.# from the command line via the system property.#.# -Djava.security.properties=<Path to openjsse.security>.#.# This properties file appends to the master security properties file..# If both properties files specify values for the same key, the value.# from the command-line properties file is selected, as it is the last.# one loaded..#.# Also, if you specify.#.# -Djava.security.properties==<URL> (2 equals),.#.# then that properties file completely overrides the master security.# properties file..#..#.# OpenJSSE security provider in place of SunJSSE provider:.#.security.provider.4=org.openjsse.net.ssl.OpenJSSE.
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):622
                                                                                                                                                              Entropy (8bit):5.748700324228947
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:5jJ3lkGJjJ3l4qN0W79TBmjJ3lWiHDuEq5DKxD3lOD3hw6x2m3kQ4iHC89tn:9JVkGtJVj2W9T0JV/Ha1sDVODC6xFbBV
                                                                                                                                                              MD5:4F5D618D46404875846A74C545EDAF42
                                                                                                                                                              SHA1:2C5AFE45CE1780FFECEDDBA700061A83E922A62B
                                                                                                                                                              SHA-256:30ED7E9B60926438440570FE6AB46577962E04D69E75263B409F3D100FEC0A1C
                                                                                                                                                              SHA-512:1B69EFFD550E0A640D24FB9B51D0300D53CB4A9C69FCFD7E0CA2E6EF0C72A72F035032152C080EE8C63C51F2F7A22EA8D935E69925DA9FBBE6B44F6C64989B74
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1042
                                                                                                                                                              Entropy (8bit):6.553162891884179
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:9JVkGtJVjYdTWJVDpOixvbzLTSFj/5jJVlrH358EYwOp9xDVODpxF0Q/SGp6:9JVbtJVMdTWJVDJP+p/5jJVlb3969xD7
                                                                                                                                                              MD5:90A4518AE12440131D15910FFECFA526
                                                                                                                                                              SHA1:0CED388915CBFEF7CF1988EEBDC34D0C27905B2E
                                                                                                                                                              SHA-256:D8BFFAA564EAFAA2B0244166D1D03BA48A3A000D97486E662B4D56E4F924A828
                                                                                                                                                              SHA-512:127EAB9E95184921F99827372E6AC0A4EF7F40CA9347BCB7BBF09F847DABF8B58080584DD2B00071347974F90C4C6EA8DCD035E789884027DF0C3ED0DCEBA73E
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):622
                                                                                                                                                              Entropy (8bit):5.748700324228947
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:5jJ3lkGJjJ3l4qN0W79TBmjJ3lWiHDuEq5DKxD3lOD3hw6x2m3kQ4iHC89tn:9JVkGtJVj2W9T0JV/Ha1sDVODC6xFbBV
                                                                                                                                                              MD5:4F5D618D46404875846A74C545EDAF42
                                                                                                                                                              SHA1:2C5AFE45CE1780FFECEDDBA700061A83E922A62B
                                                                                                                                                              SHA-256:30ED7E9B60926438440570FE6AB46577962E04D69E75263B409F3D100FEC0A1C
                                                                                                                                                              SHA-512:1B69EFFD550E0A640D24FB9B51D0300D53CB4A9C69FCFD7E0CA2E6EF0C72A72F035032152C080EE8C63C51F2F7A22EA8D935E69925DA9FBBE6B44F6C64989B74
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:Java archive data (JAR)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):640
                                                                                                                                                              Entropy (8bit):5.873613178191413
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:5jJ3lkGJjJ3l4qN0W79TBmjJ3lDPWRtGQNpn7usuxD3lOD3hw6x2m3o85:9JVkGtJVj2W9T0JVDPWXNnqzDVODC6xH
                                                                                                                                                              MD5:EFDE2BFA543ED7E8FAEA62BBF07A87E5
                                                                                                                                                              SHA1:B2CCB75695CAB1A8CE85A7DF7BC0080F428F3C57
                                                                                                                                                              SHA-256:D75CDAB0A77E4F375E03354A5B360DC2DAB4094969B163CF415B990B4A5A32F1
                                                                                                                                                              SHA-512:9516F34F0CF319F9F5E6187B0B8B8874AB0F6AE9F8A391BE5A0616AF387694F2EE38E37BB8A86ED4D7070EE04574F9420917D079375A5FC676FF7BF0BEA7FF28
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1210
                                                                                                                                                              Entropy (8bit):4.681309933800066
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:va19LezUlOGdZ14BilDEwG5u3nVDWc/Wy:iaLGr1OsS5KnVaIWy
                                                                                                                                                              MD5:4F95242740BFB7B133B879597947A41E
                                                                                                                                                              SHA1:9AFCEB218059D981D0FA9F07AAD3C5097CF41B0C
                                                                                                                                                              SHA-256:299C2360B6155EB28990EC49CD21753F97E43442FE8FAB03E04F3E213DF43A66
                                                                                                                                                              SHA-512:99FDD75B8CE71622F85F957AE52B85E6646763F7864B670E993DF0C2C77363EF9CFCE2727BADEE03503CDA41ABE6EB8A278142766BF66F00B4EB39D0D4FC4A87
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:############################################################.# Sound Configuration File.############################################################.#.# This properties file is used to specify default service.# providers for javax.sound.midi.MidiSystem and.# javax.sound.sampled.AudioSystem..#.# The following keys are recognized by MidiSystem methods:.#.# javax.sound.midi.Receiver.# javax.sound.midi.Sequencer.# javax.sound.midi.Synthesizer.# javax.sound.midi.Transmitter.#.# The following keys are recognized by AudioSystem methods:.#.# javax.sound.sampled.Clip.# javax.sound.sampled.Port.# javax.sound.sampled.SourceDataLine.# javax.sound.sampled.TargetDataLine.#.# The values specify the full class name of the service.# provider, or the device name..#.# See the class descriptions for details..#.# Example 1:.# Use MyDeviceProvider as default for SourceDataLines:.# javax.sound.sampled.SourceDataLine=com.xyz.MyDeviceProvider.#.# Example 2:.# Specify the default Synthesizer by it
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):107933
                                                                                                                                                              Entropy (8bit):7.132160854688338
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:W0Erm/ELs/bMr2mXQaRPpGS8FcSOUqBC/////2VRrcnrmOjNya5PYyZs/B:WmEO/KQQMS2JOUqJrrcvjNP5Bap
                                                                                                                                                              MD5:D3C29C477EAFBE2950BC4EA93C619AA0
                                                                                                                                                              SHA1:1C275DAFB9DA0AB8D25154D88C3EB7AE8AC2FC11
                                                                                                                                                              SHA-256:ABC6173B8CF82BF50D9A142E6D44B944B3DD84C2059010B578BAC5F31C08CA78
                                                                                                                                                              SHA-512:16B4C591C1F25DA10EB80DBD6E0DFCD7CBC16AC19AAC2BAE6EE135EF44B1B91297921DE989D9BE2E883AE58D51FCBCEA92FA8663C28E70B489C74EB534140BA5
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:...TZDB....2021a.X..Africa/Abidjan..Africa/Accra..Africa/Addis_Ababa..Africa/Algiers..Africa/Asmara..Africa/Asmera..Africa/Bamako..Africa/Bangui..Africa/Banjul..Africa/Bissau..Africa/Blantyre..Africa/Brazzaville..Africa/Bujumbura..Africa/Cairo..Africa/Casablanca..Africa/Ceuta..Africa/Conakry..Africa/Dakar..Africa/Dar_es_Salaam..Africa/Djibouti..Africa/Douala..Africa/El_Aaiun..Africa/Freetown..Africa/Gaborone..Africa/Harare..Africa/Johannesburg..Africa/Juba..Africa/Kampala..Africa/Khartoum..Africa/Kigali..Africa/Kinshasa..Africa/Lagos..Africa/Libreville..Africa/Lome..Africa/Luanda..Africa/Lubumbashi..Africa/Lusaka..Africa/Malabo..Africa/Maputo..Africa/Maseru..Africa/Mbabane..Africa/Mogadishu..Africa/Monrovia..Africa/Nairobi..Africa/Ndjamena..Africa/Niamey..Africa/Nouakchott..Africa/Ouagadougou..Africa/Porto-Novo..Africa/Sao_Tome..Africa/Timbuktu..Africa/Tripoli..Africa/Tunis..Africa/Windhoek..America/Adak..America/Anchorage..America/Anguilla..America/Antigua..America/Araguaina..America/
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):9577
                                                                                                                                                              Entropy (8bit):5.17061677089257
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:qwfOC9OYOxUmHomjgDwlZ+TFXsq2H+aUHCHQj4SV0l2:qqgniTyq06a2
                                                                                                                                                              MD5:62BC9FA21191D34F1DB3ED7AD5106EFA
                                                                                                                                                              SHA1:750CC36B35487D6054E039469039AECE3A0CC9E9
                                                                                                                                                              SHA-256:83755EFBCB24476F61B7B57BCF54707161678431347E5DE2D7B894D022A0089A
                                                                                                                                                              SHA-512:AF0DDB1BC2E9838B8F37DC196D26024126AC989F5B632CB2A8EFDC29FBCE289B4D0BAC587FE23F17DFB6905CEADA8D07B18508DB78F226B15B15900738F581A3
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:#.# This file describes mapping information between Windows and Java.# time zones..# Format: Each line should include a colon separated fields of Windows.# time zone registry key, time zone mapID, locale (which is most.# likely used in the time zone), and Java time zone ID. Blank lines.# and lines that start with '#' are ignored. Data lines must be sorted.# by mapID (ASCII order)..#.# NOTE.# This table format is not a public interface of any Java.# platforms. No applications should depend on this file in any form..#.# This table has been generated by a program and should not be edited.# manually..#.Romance:-1,64::Europe/Paris:.Romance Standard Time:-1,64::Europe/Paris:.Warsaw:-1,65::Europe/Warsaw:.Central Europe:-1,66::Europe/Prague:.Central Europe Standard Time:-1,66::Europe/Prague:.Prague Bratislava:-1,66::Europe/Prague:.W. Central Africa Standard Time:-1,66:AO:Africa/Luanda:.FLE:-1,67:FI:Europe/Helsinki:.FLE Standard Time:-1,67:FI:Europe/Helsinki:.GFT:-1,6
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with very long lines (347)
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1185
                                                                                                                                                              Entropy (8bit):5.084564154972492
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:urm1n9bx43UQdOXBn2vy2BvlxO41OMkOVrC+tBPfRKop0rvYaoH9yUycdy:uK9b+EUy2Jlx9OMkORC+zPfRKoTaVh
                                                                                                                                                              MD5:A063C3A29A2B79A9D1CDF3C93FD35C1C
                                                                                                                                                              SHA1:B0700504EB0BDFC3031B54FD638A8C73F7EA7C7C
                                                                                                                                                              SHA-256:D44F3200FACD3C3374296A57DFDE566C74A6C52229289B481A35AEC3678D7540
                                                                                                                                                              SHA-512:DFD243EBE27B83A4BDC016BDEC6ABBF69A80317DB21AC713372FE674E6EE7E81BBEF9EB2D902D41F9584D46B1232815D141CD8A9AEFD51033AEAD5172EE028D0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview: .. Certain portions of this software are based on source code from OpenJDK.(http://openjdk.java.net/) and licensed under the GNU General Public.License version 2 (GPLv2) with the Classpath Exception (http://.openjdk.java.net/legal/gplv2+ce.html). For a period of three years from.the date of your receipt of this software, Azul will provide upon.request, a complete machine readable copy of the source code for such.portions based on OpenJDK on a medium customarily used for software.interchange for a charge no more than the cost of physically performing.source distribution.... Please email azul_openjdk@azul.com for further information... Include this version code in your email:. zsrc8.54.0.21-jdk8.0.292 ddbdd8cb2baad6bc8ba9ee6bae1f24fec034993135733c9494216548724edf6db7c4e614b25cfd0119eb9031626c14a23e7fb053004e0733e36d3fa07bc7726c80590e135d06f3ed60679dae23afc593fda877e2c14d1f089c29cb457354cd3000427fcb2ef92f98c3530f6db0f00766cb0b39ac7ff78a7241a03c4a76e90e534
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):239
                                                                                                                                                              Entropy (8bit):5.401849592132302
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:GqN2BkKqzq8HvnetFzcxU6gEfB6lyJ7/lSlyvVN:G4sk1bPetFzSpf8lyN/lSi
                                                                                                                                                              MD5:29465B506C39FAFEEA9D83FB2072BB1F
                                                                                                                                                              SHA1:F626BCEFF5738E5B19F72D891764228C7BA345DF
                                                                                                                                                              SHA-256:76E1FA474B35D7788E4B9057C7169B58D658019C4DCEC1A81D9C02D85E488B21
                                                                                                                                                              SHA-512:FE22DFE43C193AB97EA17525DF8F80EA5CEBAAC936B886C6C6D4B860542C8A7CF22D75F07A160107E17C8E7A5069908FAD41B0908A626327D0A4D586982493F0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:JAVA_VERSION="1.8.0_292".OS_NAME="Windows".OS_VERSION="5.2".OS_ARCH="amd64".SOURCE=" .:ddbdd8cb2baa corba:35733c949421 hotspot:19eb9031626c jaxp:7bc7726c8059 jaxws:fda877e2c14d jdk:2ef92f98c353 langtools:41a03c4a76e9 nashorn:358b46c5010a".
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with very long lines (318), with CRLF, LF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):26080
                                                                                                                                                              Entropy (8bit):5.309104284320266
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:ZmI5h6L3I2jaL+2T+N12JBvbAW6+nVYk4EHXBNLLrHjuOuCf8hMlvnyZ50B9hgqP:/aL42jSCb2JdUIHXP/u12hzqn+49Y4sz
                                                                                                                                                              MD5:36E38FAEF4D8E348D951DD9787F7FE79
                                                                                                                                                              SHA1:E5A2A216A8BA755D28FEDC503A3F856D222E7F02
                                                                                                                                                              SHA-256:5002F881619BC5DA771BB5C53A284FDD7FD523FE51F025B228AE73C1293E95A8
                                                                                                                                                              SHA-512:C18D9C89BB835231C148B0ABA7957E8BBFB5CFFA594DEAA45DAA60219EB99D6AB8C83522F58CF3D3AA805F7C216E39FF342A735C7A5FD38E3335002D8478FB70
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:84046974 (+ 0) [LogFolderCleaner] Keeping Wrapper-2024-04-20-05-32-01-330.log..84046974 (+ 0) [LogFolderCleaner] Keeping GenericUpdater-2024-04-20-05-34-06-974-pid0.log..84046974 (+ 0) [GenericUpdater] Starting..84046974 (+ 0) [JWrapperLaunchProperty] jwdyna_auto_disable_appnap=[true]..84046974 (+ 0) [JWrapperLaunchProperty] jwdyna_jre_name=[Windows64JRE]..84046974 (+ 0) [JWrapperLaunchProperty] jwdyna_language=[en]..84046974 (+ 0) [JWrapperLaunchProperty] jwdyna_match_versions=[true]..84046974 (+ 0) [JWrapperLaunchProperty] jwdyna_shpkhash=[a9c2f2f097a2503a70fadf4c4b0df13e2123bb3e5cf2151c830d8699c724a4ff8afa0ca3d32bf0a271fee71e35a4bfc3ee9...]..84046974 (+ 0) [JWrapperLaunchProperty] jwdyna_skip_system_jre=[1]..84046974 (+ 0) [JWrapperLaunchProperty] jwdyna_splash_buffer=[20]..84046974 (+ 0) [JWrapperLaunchProperty] jwdyna_splash_image=[iVBORw0KGgoAAAANSUhEUgAAASwAAADHCAYAAACjiW6AAACAAElEQVR42ux9B5xW1Zn+HRiGNjC0gaFIL9J77whI70gRQURBaaI...]..84046974 (+
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                              File Type:ASCII text, with very long lines (1686), with CRLF, LF line terminators
                                                                                                                                                              Category:modified
                                                                                                                                                              Size (bytes):21893
                                                                                                                                                              Entropy (8bit):5.53289747978022
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:xmdq3hY/5jXhjxqAsiYveqRvyluS0DzFWF:xtY/5jRtqAsiYvFyluS0fFWF
                                                                                                                                                              MD5:290F33C3739232105A1218CD47A0B20A
                                                                                                                                                              SHA1:9F226E72268BB47174CBF78981A99FE9B226230F
                                                                                                                                                              SHA-256:A33778198AB5F90DEF0C3A3EA7DCA8EFE8E67BB05A213C73C6CB5B18EF371445
                                                                                                                                                              SHA-512:0E3B6080FB12FE72A3630F6518492C3367AA1BDF278CDB1FDE296B56FE77E336929844436EC0F94CA105F12F7C77C6BDF066F4E24C029AB65606190885433383
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:83989717 (+ 0) [LogFolderCleaner] Keeping Wrapper-2024-04-20-05-32-01-330.log..83989717 (+ 0) [LogFolderCleaner] Keeping Remote Support-Remote Support-2024-04-20-05-33-09-717-pid7188.log..83989717 (+ 0) [LogFolderCleaner] Keeping GenericUpdater-2024-04-20-05-34-06-974-pid0.log..83989717 (+ 0) [JWNative] Loaded C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\jwutils_win64.dll..83989717 (+ 0) [JWrapper] Running as user..83989717 (+ 0) [JWrapper] Process ID: 7188..83989717 (+ 0) [JWrapper] Environment: {USERDOMAIN_ROAMINGPROFILE=user-PC, LOCALAPPDATA=C:\Users\user\AppData\Local, PROCESSOR_LEVEL=6, USERDOMAIN=user-PC, FPS_BROWSER_APP_PROFILE_STRING=Internet Explorer, LOGONSERVER=\\user-PC, SESSIONNAME=Console, ALLUSERSPROFILE=C:\ProgramData, PROCESSOR_ARCHITECTURE=AMD64, PSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:ASCII text, with very long lines (384), with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):89874
                                                                                                                                                              Entropy (8bit):5.196002869728467
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:oOpHSx0T8yjyEV8LcM5Ac1aLlYCo5fnhWAZRgF:oOkAc1aLBF
                                                                                                                                                              MD5:51FE000691320AD12638B8D90E8113D7
                                                                                                                                                              SHA1:EC16B47FBEE0B0AF57D312C7D71431A824387F73
                                                                                                                                                              SHA-256:26C72249E7F9C149C59B426B9E27984641FC3ADB9C604551051B58B4E7085D3F
                                                                                                                                                              SHA-512:F050D92104C0156932746609DF55708DF9217E106222B03FE4768FB982F7F5301A8C96F000333FFF2D20B3DC731FC11AE3B27BEFDCD7D87F8C06C50F20FB6D28
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:+0 [JREOverride] No JRE name override, will continue to use Windows64JRE..+0 [Extractor] GenericUpdater version is 00102236230..+0 [Extractor] OFFLINE wrapper: App version is 00102236241..+0 [Extractor] Checking for a latest valid GU..+0 [Extractor] No latest GU or JRE version exists, will check tail for online/offline info..+0 [Extractor] Note: No latest JRE version exists..+0 [Extractor] Note: No latest GU version exists..+0 [Extractor] Creating C:\Users\user\AppData\Roaming\JWrapper-Remote Support\logs..+0 [Extractor] Creating C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWApps..+0 [Extractor] Creating C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWAppsSharedConfig..+0 [Extractor] GU folder is C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-JWrapper-00102236230-complete..+0 [Extractor] GU temp is C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-
                                                                                                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):45
                                                                                                                                                              Entropy (8bit):0.9111711733157262
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:/lwlt7n:WNn
                                                                                                                                                              MD5:C8366AE350E7019AEFC9D1E6E6A498C6
                                                                                                                                                              SHA1:5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61
                                                                                                                                                              SHA-256:11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
                                                                                                                                                              SHA-512:33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:........................................J2SE.
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):65536
                                                                                                                                                              Entropy (8bit):1.5699072203343234
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:caYrsepgX8GjVFg709Wg6QjFVwVIZYTXCH1hzj1cV8QnmvUTG9CdraFiHvVH:caF18G5FH9WgBjTwxXCvJvE5
                                                                                                                                                              MD5:9A2E16A438712CAAE1C7B9EF4C30C761
                                                                                                                                                              SHA1:A5C8BFF52AC92BEAA737C909AC74395A1B7F6CB3
                                                                                                                                                              SHA-256:D22FF7FC30A4D5E36FC7EDB0883ABB658F8BBAB403A36BD329D1D4B550E53EE7
                                                                                                                                                              SHA-512:D93367C7E2DB2900B6C1853CAE14D19820ADA80600F268F962FE6EDCCD6E311956F76DD2758A28171BA5AACF61D0CE9CF69197FBA02876EFD770B8715FF62A65
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:........xG......G.;..... .......8...........J...0...sun.rt._sync_Inflations.............8...........J...0...sun.rt._sync_Deflations.............@...........J...8...sun.rt._sync_ContendedLockAttempts..........8...........J...0...sun.rt._sync_FutileWakeups..........0...........J...(...sun.rt._sync_Parks..........@...........J...8...sun.rt._sync_EmptyNotifications.............8...........J...0...sun.rt._sync_Notifications..........8...........J...0...sun.rt._sync_SlowEnter..............8...........J...0...sun.rt._sync_SlowExit...............8...........J...0...sun.rt._sync_SlowNotify.............8...........J...0...sun.rt._sync_SlowNotifyAll..........8...........J...0...sun.rt._sync_FailedSpins............@...........J...8...sun.rt._sync_SuccessfulSpins................8...........J...0...sun.rt._sync_PrivateA...............8...........J...0...sun.rt._sync_PrivateB...............@...........J...8...sun.rt._sync_MonInCirculation...............8...........J...0...sun.rt._sync_MonScavenged...
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):65536
                                                                                                                                                              Entropy (8bit):1.571516809657107
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:96:YYbrMb8Gt/OmoGdqFVwVIZYdXnH1mWFWZfmV8QnmvUTG9CdraFiHvVH:YYe8Gt/OmoMqTwXXnVnWxvE5
                                                                                                                                                              MD5:C002E6A2321EE1413BC8773BFEACD04E
                                                                                                                                                              SHA1:B6A2A29CF26B3B8001AAA26CAF90E5111D3BB280
                                                                                                                                                              SHA-256:B72BA2BCE3933ED2BA791E7CE99CCD319EBD82226CB858663ED1A1CF992F41CF
                                                                                                                                                              SHA-512:FB96364888F7B4A693E903B5975DA94D6336616C4AD053D2D78577F49444EEA7612C674C436242ADB4150472D723610CD8CEBD77F6DD4892CB81FBFA03071E5A
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:........xG........9..... .......8...........J...0...sun.rt._sync_Inflations.............8...........J...0...sun.rt._sync_Deflations.............@...........J...8...sun.rt._sync_ContendedLockAttempts..........8...........J...0...sun.rt._sync_FutileWakeups..........0...........J...(...sun.rt._sync_Parks..........@...........J...8...sun.rt._sync_EmptyNotifications.............8...........J...0...sun.rt._sync_Notifications..........8...........J...0...sun.rt._sync_SlowEnter..............8...........J...0...sun.rt._sync_SlowExit...............8...........J...0...sun.rt._sync_SlowNotify.............8...........J...0...sun.rt._sync_SlowNotifyAll..........8...........J...0...sun.rt._sync_FailedSpins............@...........J...8...sun.rt._sync_SuccessfulSpins................8...........J...0...sun.rt._sync_PrivateA...............8...........J...0...sun.rt._sync_PrivateB...............@...........J...8...sun.rt._sync_MonInCirculation...............8...........J...0...sun.rt._sync_MonScavenged...
                                                                                                                                                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                              Entropy (8bit):7.998876009534001
                                                                                                                                                              TrID:
                                                                                                                                                              • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                              • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                              • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                              File name:SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              File size:29'866'288 bytes
                                                                                                                                                              MD5:85dba8fcede6c7f667101c4e4b392584
                                                                                                                                                              SHA1:8d13880f72226f88a3e1a6c332ac56f17af26bb9
                                                                                                                                                              SHA256:e25ef3370ff45d829134df08ca5db504716361caeda31a1ae55efe3a1be5f9b6
                                                                                                                                                              SHA512:8735ebf9ecf3c293dc8861014a8b2350c0f8ab54dccc338850adfaa2c51850f8e89c93d646816313f3934b64bdbd80910d3d4e6014131e2c09dcc19f92ac0e15
                                                                                                                                                              SSDEEP:393216:IvAtM900k3ClteCQL/IFGohs872Sa/q3TiQ8UNFUik23q9gTJwN2GEE3WyxoaL:ODkHjIF5ZySaSYUNFXk269geN2x+pGaL
                                                                                                                                                              TLSH:ED673334E2A78FB9DE2796BC904B40D7E6AAB8E70381027323F549D54F643D0951FE29
                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........`..`...`...`....s..`....`..`..|>...`....c..a.......`....u..`...`..%`....|..`....r..`....v..`..Rich.`..................PE..d..
                                                                                                                                                              Icon Hash:32fcf0b0b4b0fcb4
                                                                                                                                                              Entrypoint:0x41df60
                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                              Digitally signed:true
                                                                                                                                                              Imagebase:0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: TERMINAL_SERVER_AWARE
Time Stamp: 0x643FD600 [Wed Apr 19 11:52:32 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 2bf1fc659e1e270e26d98d8a21b8f037
Signature Valid: true
Signature Issuer: CN=COMODO RSA Extended Validation Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error: The operation completed successfully
Error Number: 0
Not Before, Not After
• 25/02/2021 00:00:00 25/02/2024 23:59:59
Subject Chain
• CN=SimpleHelp Ltd, O=SimpleHelp Ltd, STREET=Galavale, L=Broughton, S=Scottish Borders, PostalCode=ML12 6HQ, C=GB, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=GB, SERIALNUMBER=SC331902
Version: 3
Thumbprint MD5: 0A2FD4D1CDC852678A40CBCCFD4B7FBD
Thumbprint SHA-1: F23372E12D37178544ACD7448F469CCAF71AD244
Thumbprint SHA-256: 472B1939ED7DF19BAD95512E63CA44AAC4D95A7109D31F98A042E45C37A5A630
Serial: 00C74F79C78393EBF22858E9AD3914567F
Instruction
Programming Language:
• [ASM] VS2005 build 50727
• [C++] VS2005 build 50727
• [ C ] VS2005 build 50727
• [IMP] VS2008 SP1 build 30729
• [RES] VS2005 build 50727
• [LNK] VS2005 build 50727
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x56d48 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6f000 | 0x4450 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x6b000 | 0x30d8 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1c44398 | 0x37598 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x44000 | 0x570 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x569cc | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x425e8 | 0x42600 | 621425d2b11a6bb99469e607e0aca672 | False | 0.5100378119114878 | data | 6.3982806361962785 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x44000 | 0x13fbc | 0x14000 | d83de124e956f4b9e4f222b9699dc53d | False | 0.5061279296875 | data | 6.342710933623384 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x58000 | 0x12588 | 0x2400 | 62713ce28cd25bcbef3a28b9b5376e9f | False | 0.28125 | data | 4.122166743304936 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x6b000 | 0x30d8 | 0x3200 | b8fe0758429efb0996ac308153a6b770 | False | 0.474296875 | data | 5.617840977286745 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x6f000 | 0xa282 | 0xa400 | 2bc843f2090b38422ac2f60bb09d0f05 | False | 0.6030154344512195 | data | 6.22621142728583 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x6f1f0 | 0x528 | Device independent bitmap graphic, 16 x 32 x 32, image size 1280 | | | 0.48333333333333334
RT_ICON | 0x6f718 | 0xb68 | Device independent bitmap graphic, 24 x 48 x 32, image size 2880 | | | 0.3886986301369863
RT_ICON | 0x70280 | 0x1428 | Device independent bitmap graphic, 32 x 64 x 32, image size 5120 | | | 0.30271317829457367
RT_ICON | 0x716a8 | 0x2d28 | Device independent bitmap graphic, 48 x 96 x 32, image size 11520 | | | 0.2371107266435986
RT_ICON | 0x743d0 | 0x4850 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9974070872947277
RT_GROUP_ICON | 0x78c20 | 0x4c | data | | | 0.8026315789473685
RT_VERSION | 0x78c6c | 0x49c | data | | | 0.3016949152542373
RT_MANIFEST | 0x79108 | 0x17a | ASCII text, with CRLF line terminators | English | United States | 0.5052910052910053
                                                                                                                                                              DLLImport
                                                                                                                                                              WINMM.dlltimeGetTime
                                                                                                                                                              WININET.dllInternetQueryOptionA, InternetCloseHandle, InternetOpenA, HttpSendRequestA, InternetErrorDlg, HttpOpenRequestA, InternetSetOptionA, InternetReadFile, InternetCrackUrlA, InternetConnectA, InternetOpenUrlA, HttpQueryInfoA
                                                                                                                                                              VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
                                                                                                                                                              WINHTTP.dllWinHttpGetIEProxyConfigForCurrentUser, WinHttpCloseHandle, WinHttpOpen, WinHttpGetProxyForUrl
                                                                                                                                                              COMCTL32.dllInitCommonControlsEx
KERNEL32.dll: GetLocaleInfoA, GetStringTypeW, LCMapStringW, LCMapStringA, RtlLookupFunctionEntry, RtlVirtualUnwind, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetStringTypeA, HeapReAlloc, MoveFileExA, FreeLibrary, Sleep, GetProcAddress, LoadLibraryA, GetVersion, GetTempPathA, WaitForSingleObject, SetEvent, TerminateThread, CreateEventA, GetLastError, GetModuleHandleA, CloseHandle, CreateMutexA, ReleaseMutex, CreateThread, SetEnvironmentVariableA, GlobalFree, DeleteFileA, InitializeCriticalSection, SetStdHandle, EnterCriticalSection, DeleteCriticalSection, GetExitCodeProcess, CreateProcessA, GetCurrentDirectoryA, lstrlenA, FormatMessageA, GetShortPathNameA, SetCurrentDirectoryA, LocalAlloc, GetVersionExA, LocalFree, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, SetFilePointer, HeapSize, ReadFile, FlushFileBuffers, GetConsoleMode, GetConsoleCP, GetStartupInfoA, GetFileType, SetHandleCount, GetOEMCP, GetACP, GetCPInfo, FlsAlloc, TlsSetValue, SetLastError, FlsFree, TlsFree, FlsSetValue, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, CompareStringA, CompareStringW, SetEndOfFile, LeaveCriticalSection, RaiseException, HeapFree, HeapAlloc, FileTimeToSystemTime, FileTimeToLocalFileTime, FindFirstFileA, FindNextFileA, FindClose, MoveFileA, ExitProcess, GetCurrentProcess, GetDateFormatA, GetTimeFormatA, GetDriveTypeA, GetFullPathNameA, GetTimeZoneInformation, GetSystemTimeAsFileTime, ExitThread, GetCurrentThreadId, MultiByteToWideChar, WideCharToMultiByte, GetFileAttributesA, CreateDirectoryA, RemoveDirectoryA, GetCommandLineA, GetProcessHeap, HeapSetInformation, HeapCreate, WriteFile, GetStdHandle, GetModuleFileNameA, RtlUnwindEx, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlCaptureContext, FlsGetValue
USER32.dll: SetTimer, GetWindowRect, KillTimer, SetWindowPos, GetDesktopWindow, DestroyWindow, GetMessageA, GetWindowLongPtrA, PostThreadMessageA, MonitorFromPoint, LoadIconA, SendMessageA, GetMonitorInfoA, TranslateMessage, CreateWindowExA, PeekMessageA, DefWindowProcA, GetCursorPos, ShowWindow, SetWindowLongPtrA, DispatchMessageA, SystemParametersInfoA, LoadCursorA, ValidateRect, RegisterClassA
ADVAPI32.dll: GetExplicitEntriesFromAclA, GetNamedSecurityInfoA, GetUserNameA, EqualSid, ConvertStringSidToSidA, SetNamedSecurityInfoA, SetEntriesInAclA
Language of compilation system | Country where language is spoken
English | United States
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
04/20/24-05:32:04.140813 | TCP | 2049863 | ET TROJAN SimpleHelp Remote Access Software Activity | 49735 | 80 | 192.168.2.4 | 139.64.137.101
04/20/24-05:32:04.278483 | TCP | 2049863 | ET TROJAN SimpleHelp Remote Access Software Activity | 49734 | 80 | 192.168.2.4 | 139.64.137.101
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 20, 2024 05:32:03.888144016 CEST | 53020 | 53 | 192.168.2.4 | 1.1.1.1
Apr 20, 2024 05:32:03.999690056 CEST | 53 | 53020 | 1.1.1.1 | 192.168.2.4
Apr 20, 2024 05:33:13.984392881 CEST | 62742 | 53 | 192.168.2.4 | 1.1.1.1
Apr 20, 2024 05:33:14.091029882 CEST | 53 | 62742 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 20, 2024 05:32:03.888144016 CEST | 192.168.2.4 | 1.1.1.1 | 0x5971 | Standard query (0) | help.alphetacs.com | A (IP address) | IN (0x0001) | false
Apr 20, 2024 05:33:13.984392881 CEST | 192.168.2.4 | 1.1.1.1 | 0xf688 | Standard query (0) | help.alphetacs.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 20, 2024 05:32:03.999690056 CEST | 1.1.1.1 | 192.168.2.4 | 0x5971 | No error (0) | help.alphetacs.com | | 139.64.137.101 | A (IP address) | IN (0x0001) | false
Apr 20, 2024 05:33:14.091029882 CEST | 1.1.1.1 | 192.168.2.4 | 0xf688 | No error (0) | help.alphetacs.com | | 139.64.137.101 | A (IP address) | IN (0x0001) | false
                                                                                                                                                              • help.alphetacs.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49734 | 139.64.137.101 | 80 | 6176 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
Timestamp | Bytes transferred | Direction | Data
Apr 20, 2024 05:32:04.140723944 CEST | 158 | OUT | GET /customer/JWrapper-Windows64JRE-version.txt?time=4186938694 HTTP/1.1
                                                                                                                                                              User-Agent: JWrapperDownloader
                                                                                                                                                              Host: help.alphetacs.com
                                                                                                                                                              Connection: Keep-Alive
Apr 20, 2024 05:32:04.276351929 CEST | 227 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                              Content-Length: 11
                                                                                                                                                              Last-Modified: Tue, 10 Oct 2023 13:35:04 GMT
                                                                                                                                                              Cache-Control: private, must-revalidate
                                                                                                                                                              Pragma: private
                                                                                                                                                              Server: SimpleHelp/SSuite-5-4-20231010-143523
                                                                                                                                                              Data Raw: 30 30 30 38 34 30 30 30 30 35 33
                                                                                                                                                              Data Ascii: 00084000053
Apr 20, 2024 05:32:04.278482914 CEST | 158 | OUT | GET /customer/JWrapper-Windows64JRE-version.txt?time=4186938694 HTTP/1.1
                                                                                                                                                              User-Agent: JWrapperDownloader
                                                                                                                                                              Host: help.alphetacs.com
                                                                                                                                                              Connection: Keep-Alive
Apr 20, 2024 05:32:04.412349939 CEST | 227 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                              Content-Length: 11
                                                                                                                                                              Last-Modified: Tue, 10 Oct 2023 13:35:04 GMT
                                                                                                                                                              Cache-Control: private, must-revalidate
                                                                                                                                                              Pragma: private
                                                                                                                                                              Server: SimpleHelp/SSuite-5-4-20231010-143523
                                                                                                                                                              Data Raw: 30 30 30 38 34 30 30 30 30 35 33
                                                                                                                                                              Data Ascii: 00084000053


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49735 | 139.64.137.101 | 80 | 6176 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
Timestamp | Bytes transferred | Direction | Data
Apr 20, 2024 05:32:04.140813112 CEST | 158 | OUT | GET /customer/JWrapper-Windows64JRE-version.txt?time=4186938694 HTTP/1.1
                                                                                                                                                              User-Agent: JWrapperDownloader
                                                                                                                                                              Host: help.alphetacs.com
                                                                                                                                                              Connection: Keep-Alive
Apr 20, 2024 05:32:04.277069092 CEST | 227 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                              Content-Length: 11
                                                                                                                                                              Last-Modified: Tue, 10 Oct 2023 13:35:04 GMT
                                                                                                                                                              Cache-Control: private, must-revalidate
                                                                                                                                                              Pragma: private
                                                                                                                                                              Server: SimpleHelp/SSuite-5-4-20231010-143523
                                                                                                                                                              Data Raw: 30 30 30 38 34 30 30 30 30 35 33
                                                                                                                                                              Data Ascii: 00084000053


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49742 | 139.64.137.101 | 80 | 6176 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
Timestamp | Bytes transferred | Direction | Data
Apr 20, 2024 05:33:08.643707991 CEST | 315 | OUT | GET /customer/JWrapper-Remote%20Support-version.txt HTTP/1.1
                                                                                                                                                              User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                              Host: help.alphetacs.com
                                                                                                                                                              Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                              Connection: keep-alive
Apr 20, 2024 05:33:08.778948069 CEST | 227 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                              Content-Length: 11
                                                                                                                                                              Last-Modified: Tue, 10 Oct 2023 13:40:58 GMT
                                                                                                                                                              Cache-Control: private, must-revalidate
                                                                                                                                                              Pragma: private
                                                                                                                                                              Server: SimpleHelp/SSuite-5-4-20231010-143523
                                                                                                                                                              Data Raw: 30 30 31 30 32 32 33 36 32 34 31
                                                                                                                                                              Data Ascii: 00102236241
Apr 20, 2024 05:33:08.959933043 CEST | 307 | OUT | GET /customer/JWrapper-JWrapper-version.txt HTTP/1.1
                                                                                                                                                              User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                              Host: help.alphetacs.com
                                                                                                                                                              Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                              Connection: keep-alive
Apr 20, 2024 05:33:09.094302893 CEST | 227 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                              Content-Length: 11
                                                                                                                                                              Last-Modified: Tue, 10 Oct 2023 13:40:46 GMT
                                                                                                                                                              Cache-Control: private, must-revalidate
                                                                                                                                                              Pragma: private
                                                                                                                                                              Server: SimpleHelp/SSuite-5-4-20231010-143523
                                                                                                                                                              Data Raw: 30 30 31 30 32 32 33 36 32 33 30
                                                                                                                                                              Data Ascii: 00102236230


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49743 | 139.64.137.101 | 80 | 6176 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
Timestamp | Bytes transferred | Direction | Data
Apr 20, 2024 05:33:09.095393896 CEST | 315 | OUT | GET /customer/JWrapper-Remote%20Support-version.txt HTTP/1.1
                                                                                                                                                              User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                              Host: help.alphetacs.com
                                                                                                                                                              Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                              Connection: keep-alive
Apr 20, 2024 05:33:09.230154991 CEST | 227 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                              Content-Length: 11
                                                                                                                                                              Last-Modified: Tue, 10 Oct 2023 13:40:58 GMT
                                                                                                                                                              Cache-Control: private, must-revalidate
                                                                                                                                                              Pragma: private
                                                                                                                                                              Server: SimpleHelp/SSuite-5-4-20231010-143523
                                                                                                                                                              Data Raw: 30 30 31 30 32 32 33 36 32 34 31
                                                                                                                                                              Data Ascii: 00102236241


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49744 | 139.64.137.101 | 80 | 7188 | C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe
Timestamp | Bytes transferred | Direction | Data
Apr 20, 2024 05:33:14.322882891 CEST | 334 | OUT | GET /server_side_parameters HTTP/1.1
                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                              Host: help.alphetacs.com
                                                                                                                                                              Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                              Connection: keep-alive
Apr 20, 2024 05:33:14.457487106 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                              Content-Length: 142
                                                                                                                                                              Keep-Alive: timeout=0
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Data Raw: 23 53 69 6d 70 6c 65 48 65 6c 70 20 50 61 72 61 6d 65 74 65 72 73 0a 23 53 61 74 20 41 70 72 20 32 30 20 30 33 3a 33 33 3a 31 34 20 55 54 43 20 32 30 32 34 0a 64 65 66 61 75 6c 74 5f 70 61 73 73 77 6f 72 64 3d 66 61 6c 73 65 0a 73 65 72 76 65 72 5f 76 65 72 73 69 6f 6e 3d 53 53 75 69 74 65 2d 35 2d 34 2d 32 30 32 33 31 30 31 30 2d 31 34 33 35 32 33 0a 70 61 73 73 77 6f 72 64 5f 72 65 71 75 69 72 65 64 3d 66 61 6c 73 65 0a
Data Ascii:
#SimpleHelp Parameters
#Sat Apr 20 03:33:14 UTC 2024
default_password=false
server_version=SSuite-5-4-20231010-143523
password_required=false
Apr 20, 2024 05:33:14.603724957 CEST | 336 | OUT | GET /translations_user/en.txt HTTP/1.1
                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                              Host: help.alphetacs.com
                                                                                                                                                              Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                              Connection: keep-alive
Apr 20, 2024 05:33:14.739510059 CEST | 200 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                              Content-Length: 0
                                                                                                                                                              Last-Modified: Tue, 10 Oct 2023 13:31:00 GMT
                                                                                                                                                              Keep-Alive: timeout=0
                                                                                                                                                              Connection: Keep-Alive
Apr 20, 2024 05:33:14.808739901 CEST | 338 | OUT | GET /branding/brandingfiles?a=3 HTTP/1.1
                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                              Host: help.alphetacs.com
                                                                                                                                                              Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                              Connection: keep-alive
Apr 20, 2024 05:33:14.946526051 CEST | 286 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                              Content-Length: 130
                                                                                                                                                              Keep-Alive: timeout=0
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Data Raw: 45 58 54 52 41 43 54 7c 61 70 70 6c 65 74 5f 73 70 6c 61 73 68 2e 70 6e 67 7c 35 30 37 35 35 7c 36 38 45 43 36 39 30 42 31 43 46 35 38 35 41 32 44 35 34 32 38 44 42 44 32 32 30 43 44 38 46 37 0a 45 58 54 52 41 43 54 7c 62 72 61 6e 64 69 6e 67 2e 70 72 6f 70 65 72 74 69 65 73 7c 33 36 30 7c 30 36 45 33 34 32 41 39 41 46 44 42 30 46 36 33 46 36 35 43 43 34 38 46 45 46 44 46 46 42 43 34 0a
Data Ascii:
EXTRACT|applet_splash.png|50755|68EC690B1CF585A2D5428DBD220CD8F7
EXTRACT|branding.properties|360|06E342A9AFDB0F63F65CC48FEFDFFBC4
Apr 20, 2024 05:33:14.953526020 CEST | 342 | OUT | GET /branding/applet_splash.png?a=3 HTTP/1.1
                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                              Host: help.alphetacs.com
                                                                                                                                                              Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                              Connection: keep-alive
Apr 20, 2024 05:33:15.087970018 CEST 218 IN HTTP/1.1 200 OK
                                                                                                                                                              Content-Type: image/png
                                                                                                                                                              Content-Length: 50755
                                                                                                                                                              Last-Modified: Fri, 12 Apr 2024 21:45:57 GMT
                                                                                                                                                              Cache-Control: private, must-revalidate
                                                                                                                                                              Pragma: private
                                                                                                                                                              Server: SimpleHelp/SSuite-5-4-20231010-143523
Apr 20, 2024 05:33:15.375013113 CEST 344 OUT GET /branding/branding.properties?a=3 HTTP/1.1
                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                              Host: help.alphetacs.com
                                                                                                                                                              Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                              Connection: keep-alive
Apr 20, 2024 05:33:15.509424925 CEST 577 IN HTTP/1.1 200 OK
                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                              Content-Length: 360
                                                                                                                                                              Last-Modified: Wed, 29 Mar 2023 21:01:26 GMT
                                                                                                                                                              Cache-Control: private, must-revalidate
                                                                                                                                                              Pragma: private
                                                                                                                                                              Server: SimpleHelp/SSuite-5-4-20231010-143523
                                                                                                                                                              Data Raw: 23 53 69 6d 70 6c 65 48 65 6c 70 20 42 72 61 6e 64 69 6e 67 20 43 6f 6e 66 69 67 75 72 61 74 69 6f 6e 0a 23 54 75 65 20 46 65 62 20 30 38 20 32 32 3a 34 30 3a 30 34 20 55 54 43 20 32 30 32 32 0a 52 57 5f 45 58 45 5f 4e 41 4d 45 5f 4b 45 45 50 5f 4f 53 3d 74 72 75 65 0a 43 4f 4c 4f 52 5f 41 50 50 5f 48 45 41 44 45 52 3d 5c 23 46 46 46 46 46 46 0a 52 57 5f 45 58 45 5f 4e 41 4d 45 5f 4b 45 45 50 5f 54 59 50 45 3d 74 72 75 65 0a 53 55 50 50 4f 52 54 5f 45 58 45 5f 4e 41 4d 45 3d 41 6c 70 68 65 74 61 43 53 0a 53 55 50 50 4f 52 54 5f 45 58 45 5f 4e 41 4d 45 5f 4b 45 45 50 5f 54 59 50 45 3d 74 72 75 65 0a 52 57 5f 45 58 45 5f 4e 41 4d 45 3d 53 69 6d 70 6c 65 48 65 6c 70 20 52 65 6d 6f 74 65 20 57 6f 72 6b 0a 53 48 4f 57 5f 50 52 45 56 49 45 57 5f 49 4d 41 47 45 53 3d 74 72 75 65 0a 53 55 50 50 4f 52 54 5f 45 58 45 5f 4e 41 4d 45 5f 4b 45 45 50 5f 4f 53 3d 74 72 75 65 0a 41 50 50 4c 49 43 41 54 49 4f 4e 5f 4e 41 4d 45 3d 41 6c 70 68 65 74 61 20 43 6f 6d 70 75 74 65 72 20 53 65 72 76 69 63 65 0a 43 4f 4c 4f 52 5f 57 45 42 5f 48 45 41 44 45 52 3d 5c 23 46 46 46 46 46 46 0a
                                                                                                                                                              Data Ascii: #SimpleHelp Branding Configuration#Tue Feb 08 22:40:04 UTC 2022RW_EXE_NAME_KEEP_OS=trueCOLOR_APP_HEADER=\#FFFFFFRW_EXE_NAME_KEEP_TYPE=trueSUPPORT_EXE_NAME=AlphetaCSSUPPORT_EXE_NAME_KEEP_TYPE=trueRW_EXE_NAME=SimpleHelp Remote WorkSHOW_PREVIEW_IMAGES=trueSUPPORT_EXE_NAME_KEEP_OS=trueAPPLICATION_NAME=Alpheta Computer ServiceCOLOR_WEB_HEADER=\#FFFFFF
Apr 20, 2024 05:33:17.537976980 CEST 348 OUT GET /simplehelpdisclaimer.txt?language=en HTTP/1.1
                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                              Host: help.alphetacs.com
                                                                                                                                                              Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                              Connection: keep-alive
Apr 20, 2024 05:33:17.672019958 CEST 168 IN HTTP/1.1 200 OK
                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              Content-Type: text/plain;charset=utf-8
                                                                                                                                                              Content-Length: 0
                                                                                                                                                              Keep-Alive: timeout=0
                                                                                                                                                              Connection: Keep-Alive
Apr 20, 2024 05:33:17.672900915 CEST 333 OUT GET /simplehelpdetails.txt HTTP/1.1
                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              User-Agent: Mozilla/15.0 (Macintosh; Intel Mac OS X 110_9_9) AppleWebKit/1537.36 (KHTML, like Gecko) Chrome/145.0.2272.118 Safari/1537.36
                                                                                                                                                              Host: help.alphetacs.com
                                                                                                                                                              Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
                                                                                                                                                              Connection: keep-alive
Apr 20, 2024 05:33:17.806323051 CEST 241 IN HTTP/1.1 200 OK
                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              Content-Type:
                                                                                                                                                              Content-Length: 96
                                                                                                                                                              Keep-Alive: timeout=0
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Data Raw: 3c 44 65 74 61 69 6c 73 4c 69 73 74 3e 0a 09 3c 43 55 49 46 69 65 6c 64 20 74 79 70 65 3d 22 74 65 78 74 66 69 65 6c 64 22 20 77 69 64 74 68 3d 22 31 30 30 22 20 6c 61 62 65 6c 3d 22 4e 61 6d 65 22 3e 0a 09 3c 2f 43 55 49 46 69 65 6c 64 3e 0a 3c 2f 44 65 74 61 69 6c 73 4c 69 73 74 3e 0a
                                                                                                                                                              Data Ascii: <DetailsList><CUIField type="textfield" width="100" label="Name"></CUIField></DetailsList>



                                                                                                                                                              Target ID:0
                                                                                                                                                              Start time:05:32:00
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Siggen22.5496.3468.3170.exe"
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:29'866'288 bytes
                                                                                                                                                              MD5 hash:85DBA8FCEDE6C7F667101C4E4B392584
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:1
                                                                                                                                                              Start time:05:32:04
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\crs-agent.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\crs-agent.jar"
                                                                                                                                                              Imagebase:0x7ff6d8320000
                                                                                                                                                              File size:199'808 bytes
                                                                                                                                                              MD5 hash:FFAE954C09033DF1EBCD4FE056B183F2
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:moderate
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:2
                                                                                                                                                              Start time:05:32:07
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\charsets.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\charsets.jar"
                                                                                                                                                              Imagebase:0x7ff6d8320000
                                                                                                                                                              File size:199'808 bytes
                                                                                                                                                              MD5 hash:FFAE954C09033DF1EBCD4FE056B183F2
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:moderate
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:3
                                                                                                                                                              Start time:05:32:09
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\jsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\jsse.jar"
                                                                                                                                                              Imagebase:0x7ff6d8320000
                                                                                                                                                              File size:199'808 bytes
                                                                                                                                                              MD5 hash:FFAE954C09033DF1EBCD4FE056B183F2
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:moderate
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:4
                                                                                                                                                              Start time:05:32:09
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\jaccess.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\jaccess.jar"
                                                                                                                                                              Imagebase:0x7ff6d8320000
                                                                                                                                                              File size:199'808 bytes
                                                                                                                                                              MD5 hash:FFAE954C09033DF1EBCD4FE056B183F2
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:moderate
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:5
                                                                                                                                                              Start time:05:32:11
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\sunpkcs11.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\sunpkcs11.jar"
                                                                                                                                                              Imagebase:0x7ff6d8320000
                                                                                                                                                              File size:199'808 bytes
                                                                                                                                                              MD5 hash:FFAE954C09033DF1EBCD4FE056B183F2
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:moderate
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:7
                                                                                                                                                              Start time:05:32:20
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\openjsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\openjsse.jar"
                                                                                                                                                              Imagebase:0x7ff6d8320000
                                                                                                                                                              File size:199'808 bytes
                                                                                                                                                              MD5 hash:FFAE954C09033DF1EBCD4FE056B183F2
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:moderate
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:10
                                                                                                                                                              Start time:05:32:26
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\legacy8ujsse.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\legacy8ujsse.jar"
                                                                                                                                                              Imagebase:0x7ff6d8320000
                                                                                                                                                              File size:199'808 bytes
                                                                                                                                                              MD5 hash:FFAE954C09033DF1EBCD4FE056B183F2
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:moderate
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:11
                                                                                                                                                              Start time:05:32:32
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\cldrdata.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\cldrdata.jar"
                                                                                                                                                              Imagebase:0x7ff6d8320000
                                                                                                                                                              File size:199'808 bytes
                                                                                                                                                              MD5 hash:FFAE954C09033DF1EBCD4FE056B183F2
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:moderate
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:12
                                                                                                                                                              Start time:05:32:37
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\access-bridge-64.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\access-bridge-64.jar"
                                                                                                                                                              Imagebase:0x7ff6d8320000
                                                                                                                                                              File size:199'808 bytes
                                                                                                                                                              MD5 hash:FFAE954C09033DF1EBCD4FE056B183F2
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:moderate
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:13
                                                                                                                                                              Start time:05:32:47
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\sunmscapi.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\ext\sunmscapi.jar"
                                                                                                                                                              Imagebase:0x7ff6d8320000
                                                                                                                                                              File size:199'808 bytes
                                                                                                                                                              MD5 hash:FFAE954C09033DF1EBCD4FE056B183F2
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:moderate
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:14
                                                                                                                                                              Start time:05:32:53
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\rt.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\lib\rt.jar"
                                                                                                                                                              Imagebase:0x7ff6d8320000
                                                                                                                                                              File size:199'808 bytes
                                                                                                                                                              MD5 hash:FFAE954C09033DF1EBCD4FE056B183F2
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:moderate
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:15
                                                                                                                                                              Start time:05:32:59
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe" "-Xshare:dump"
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:173'136 bytes
                                                                                                                                                              MD5 hash:58AF839323322202948776B70447BECD
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:moderate
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:16
                                                                                                                                                              Start time:05:33:00
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\unpack200.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\unpack200.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\customer-jar-with-dependencies.jar.p2" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583921-5-app\customer-jar-with-dependencies.jar"
                                                                                                                                                              Imagebase:0x7ff6d8320000
                                                                                                                                                              File size:199'808 bytes
                                                                                                                                                              MD5 hash:FFAE954C09033DF1EBCD4FE056B183F2
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:17
                                                                                                                                                              Start time:05:33:08
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Remote Support.exe" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx512m -Xms5m -XX:MinHeapFreeRatio=15 -XX:MaxHeapFreeRatio=30 -Djava.util.Arrays.useLegacyMergeSort=true -Djava.net.preferIPv4Stack=true -Dsun.java2d.dpiaware=true -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3 -Dsun.awt.fontconfig=fontconfig.properties jwrapper.JWrapper "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\unrestricted\JWLaunchProperties-1713584048640-1"
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:173'136 bytes
                                                                                                                                                              MD5 hash:58AF839323322202948776B70447BECD
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Antivirus matches:
                                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                                              • Detection: 0%, Virustotal
                                                                                                                                                              Has exited:false

                                                                                                                                                              Target ID:18
                                                                                                                                                              Start time:05:33:13
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Windows\System32\icacls.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:icacls "C:\ProgramData\SimpleHelp" /t /c /grant *S-1-1-0:(OI)(CI)F
                                                                                                                                                              Imagebase:0x7ff659130000
                                                                                                                                                              File size:39'424 bytes
                                                                                                                                                              MD5 hash:48C87E3B3003A2413D6399EA77707F5D
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:19
                                                                                                                                                              Start time:05:33:13
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:20
                                                                                                                                                              Start time:05:33:13
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Windows\System32\icacls.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:icacls "C:\ProgramData\SimpleHelp\ElevateSH" /t /c /grant *S-1-5-32-545:(OI)(CI)F
                                                                                                                                                              Imagebase:0x7ff659130000
                                                                                                                                                              File size:39'424 bytes
                                                                                                                                                              MD5 hash:48C87E3B3003A2413D6399EA77707F5D
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:21
                                                                                                                                                              Start time:05:33:13
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:22
                                                                                                                                                              Start time:05:33:13
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Windows\System32\icacls.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:icacls "C:\ProgramData\SimpleHelp\ElevateSH\*.*" /t /c /grant *S-1-1-0:(OI)(CI)F
                                                                                                                                                              Imagebase:0x7ff659130000
                                                                                                                                                              File size:39'424 bytes
                                                                                                                                                              MD5 hash:48C87E3B3003A2413D6399EA77707F5D
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:23
                                                                                                                                                              Start time:05:33:13
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:24
                                                                                                                                                              Start time:05:33:13
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe -install C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5018212369185496700.service
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:243'992 bytes
                                                                                                                                                              MD5 hash:01DEEF7F533173DA5E2B26B00AFDE108
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Antivirus matches:
                                                                                                                                                              • Detection: 4%, ReversingLabs
                                                                                                                                                              • Detection: 1%, Virustotal
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:25
                                                                                                                                                              Start time:05:33:14
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:"C:\ProgramData\SimpleHelp\ElevateSH\elev_win.exe" "C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" "-install" "C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5018212369185496700.service"
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:243'992 bytes
                                                                                                                                                              MD5 hash:01DEEF7F533173DA5E2B26B00AFDE108
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:26
                                                                                                                                                              Start time:05:33:14
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:"C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" "-install" "C:\ProgramData\SimpleHelp\ElevateSH\MMoveLauncher5018212369185496700.service"
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:116'112 bytes
                                                                                                                                                              MD5 hash:871F2AE119AC463E75BBEABC1E925AA9
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Antivirus matches:
                                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                                              • Detection: 0%, Virustotal
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:27
                                                                                                                                                              Start time:05:33:14
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:"C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe"
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:116'112 bytes
                                                                                                                                                              MD5 hash:871F2AE119AC463E75BBEABC1E925AA9
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:28
                                                                                                                                                              Start time:05:33:14
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\session_win.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\session_win.exe" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\windowslauncher.exe" "-cp" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" "-Xmx128m" "-Xms5m" "-Dsun.java2d.dpiaware=true" "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" "com.aem.sdesktop.util.MouseMover" "127.0.0.1" "49745" "127.0.0.1" "49746" "elevated"
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:155'680 bytes
                                                                                                                                                              MD5 hash:E6D42C11F69732831860A5EEEFD510A1
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:29
                                                                                                                                                              Start time:05:33:14
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:"C:\ProgramData\SimpleHelp\ElevateSH\SimpleService.exe" -uninstallbyname ShTemporaryService53942608
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:116'112 bytes
                                                                                                                                                              MD5 hash:871F2AE119AC463E75BBEABC1E925AA9
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:30
                                                                                                                                                              Start time:05:33:14
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapperTemp-1713583982-6-app\bin\windowslauncher.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\windowslauncher.exe" "-cp" "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" "-Xmx128m" "-Xms5m" "-Dsun.java2d.dpiaware=true" "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" "com.aem.sdesktop.util.MouseMover" "127.0.0.1" "49745" "127.0.0.1" "49746" "elevated"
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:173'136 bytes
                                                                                                                                                              MD5 hash:58AF839323322202948776B70447BECD
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:false

                                                                                                                                                              Target ID:31
                                                                                                                                                              Start time:05:33:15
                                                                                                                                                              Start date:20/04/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Windows64JRE-00084000053-complete\bin\Session Elevation Helper" -cp "C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete\customer-jar-with-dependencies.jar" -Xmx128m -Xms5m -Dsun.java2d.dpiaware=true "-Djava.library.path=C:\Users\user\AppData\Roaming\JWrapper-Remote Support\JWrapper-Remote Support-00102236241-complete" com.aem.sdesktop.util.MouseMover 127.0.0.1 49749 127.0.0.1 49750 elevated_backup
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              File size:173'136 bytes
                                                                                                                                                              MD5 hash:58AF839323322202948776B70447BECD
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Antivirus matches:
                                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                                              • Detection: 0%, Virustotal, Browse
                                                                                                                                                              Has exited:false

                                                                                                                                                                Execution Graph

                                                                                                                                                                Execution Coverage:2.1%
                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                Signature Coverage:19%
                                                                                                                                                                Total number of Nodes:1058
                                                                                                                                                                Total number of Limit Nodes:64
64711 7ff6d833da7d 64710->64711 64712 7ff6d833da5b fprintf exit 64710->64712 64711->64714 64712->64711 64717 7ff6d833ea60 10 API calls 64714->64717 64715 7ff6d833db01 64715->64704 64716->64707 64717->64715 64718 7ff6d832de0c 64719 7ff6d832de49 64718->64719 64720 7ff6d832de2f 64718->64720 64720->64719 64721 7ff6d832de3b free 64720->64721 64721->64720 64722 7ff6d832d0ec 64728 7ff6d832d261 64722->64728 64729 7ff6d832d127 64722->64729 64724 7ff6d832d2ed 64725 7ff6d832d265 64733 7ff6d8321122 18 API calls 64725->64733 64727 7ff6d832d2b4 64727->64728 64734 7ff6d833ea60 10 API calls 64728->64734 64729->64725 64729->64728 64730 7ff6d832d208 64729->64730 64732 7ff6d8321122 18 API calls 64730->64732 64732->64728 64733->64727 64734->64724 64735 6666e110 64736 6666e131 64735->64736 64738 6666e145 64735->64738 64763 6666568c 63 API calls _get_doserrno 64736->64763 64739 6666e141 64738->64739 64741 6666d66c fgetwc 64 API calls 64738->64741 64740 6666e136 64764 666b0500 17 API calls _invalid_parameter_noinfo_noreturn 64740->64764 64743 6666e156 64741->64743 64747 6666e090 64743->64747 64746 6666d710 fgetwc LeaveCriticalSection 64746->64739 64748 6666e0a5 64747->64748 64749 6666e0b9 64747->64749 64797 6666568c 63 API calls _get_doserrno 64748->64797 64751 6666e0b5 64749->64751 64765 6666e318 64749->64765 64751->64746 64753 6666e0aa 64798 666b0500 17 API calls _invalid_parameter_noinfo_noreturn 64753->64798 64758 6666cca8 _fileno 63 API calls 64759 6666e0d6 64758->64759 64775 666a9e40 64759->64775 64762 666a8d78 free 63 API calls 64762->64751 64763->64740 64764->64739 64766 6666e335 64765->64766 64770 6666e0c4 64765->64770 64767 6666cca8 _fileno 63 API calls 64766->64767 64766->64770 64768 6666e34c 64767->64768 64769 666ad308 _flush 83 API calls 64768->64769 64769->64770 64771 6666dab4 64770->64771 64772 6666dac3 64771->64772 64774 6666dad2 64771->64774 64773 666a8d78 free 63 API calls 64772->64773 64772->64774 64773->64774 64774->64758 64776 666a9e59 64775->64776 64777 666a9e71 
64775->64777 64799 666656b4 63 API calls _get_doserrno 64776->64799 64779 666a9eda 64777->64779 64784 666a9ea3 64777->64784 64803 666656b4 63 API calls _get_doserrno 64779->64803 64780 666a9e5e 64800 6666568c 63 API calls _get_doserrno 64780->64800 64783 666a9edf 64804 6666568c 63 API calls _get_doserrno 64783->64804 64786 666adb88 perror 65 API calls 64784->64786 64788 666a9eaa 64786->64788 64787 666a9ee7 64805 666b0500 17 API calls _invalid_parameter_noinfo_noreturn 64787->64805 64789 666a9ec1 64788->64789 64790 666a9eb6 64788->64790 64801 6666568c 63 API calls _get_doserrno 64789->64801 64792 666a9d7c _close_nolock 66 API calls 64790->64792 64794 666a9ebd 64792->64794 64802 666adc34 LeaveCriticalSection 64794->64802 64796 6666e0dd 64796->64751 64796->64762 64797->64753 64798->64751 64799->64780 64800->64796 64801->64794 64803->64783 64804->64787 64805->64796 64806 6666fa9c 64807 6666fac6 64806->64807 64818 6666fae7 64806->64818 64808 6666fad7 64807->64808 64809 6666fae9 64807->64809 64807->64818 64831 6666568c 63 API calls _get_doserrno 64808->64831 64811 6666d66c fgetwc 64 API calls 64809->64811 64813 6666faf1 64811->64813 64812 6666fadc 64832 666b0500 17 API calls _invalid_parameter_noinfo_noreturn 64812->64832 64819 6666f90c 64813->64819 64817 6666d710 fgetwc LeaveCriticalSection 64817->64818 64821 6666f939 64819->64821 64825 6666f953 64819->64825 64820 6666f943 64854 6666568c 63 API calls _get_doserrno 64820->64854 64821->64820 64821->64825 64829 6666f985 wmemmove_s 64821->64829 64823 6666f948 64855 666b0500 17 API calls _invalid_parameter_noinfo_noreturn 64823->64855 64825->64817 64827 6666e318 _flush 83 API calls 64827->64829 64828 6666cca8 _fileno 63 API calls 64828->64829 64829->64825 64829->64827 64829->64828 64830 666ad308 _flush 83 API calls 64829->64830 64833 6666d788 64829->64833 64830->64829 64831->64812 64832->64818 64834 6666cca8 _fileno 63 API calls 64833->64834 64835 6666d7aa 64834->64835 64836 6666d7b5 64835->64836 64837 6666d7cc 64835->64837 
64856 6666568c 63 API calls _get_doserrno 64836->64856 64838 6666d7d1 64837->64838 64848 6666d7de _getstream$fin$0 64837->64848 64857 6666568c 63 API calls _get_doserrno 64838->64857 64841 6666d843 64842 6666d850 64841->64842 64843 6666d8dd 64841->64843 64845 6666d86c 64842->64845 64851 6666d885 64842->64851 64844 666ad308 _flush 83 API calls 64843->64844 64847 6666d7ba 64844->64847 64846 666ad308 _flush 83 API calls 64845->64846 64846->64847 64847->64829 64848->64841 64848->64847 64849 666ad3f0 _isatty 63 API calls 64848->64849 64850 6666d837 64848->64850 64849->64850 64850->64841 64858 6666daf4 63 API calls __wsetargv 64850->64858 64851->64847 64859 666acab4 68 API calls 4 library calls 64851->64859 64854->64823 64855->64825 64856->64847 64857->64847 64858->64841 64859->64847 64860 6666119c 64861 666611b2 64860->64861 64862 66661233 64860->64862 64905 666a8e68 HeapCreate 64861->64905 64863 6666128d 64862->64863 64871 66661237 64862->64871 64866 666612f7 64863->64866 64867 66661292 64863->64867 64872 666611bb 64866->64872 64964 66662258 65 API calls _freefls 64866->64964 64870 66661297 FlsGetValue 64867->64870 64870->64872 64874 666612a8 64870->64874 64871->64872 64880 66661273 64871->64880 64960 666a9d00 64 API calls free 64871->64960 64875 666a8b14 _wcwild 63 API calls 64874->64875 64878 666612b5 64875->64878 64878->64872 64882 666612c1 FlsSetValue 64878->64882 64880->64872 64962 66661f7c FlsFree 64880->64962 64881 66661269 64961 66661f7c FlsFree 64881->64961 64886 666612d7 64882->64886 64887 666612ed 64882->64887 64963 66661fa8 63 API calls 3 library calls 64886->64963 64892 666a8d78 free 63 API calls 64887->64892 64888 666611db 64956 66661f7c FlsFree 64888->64956 64892->64872 64894 666611cb 64955 666a8ec4 HeapDestroy 64894->64955 64897 666612de GetCurrentThreadId 64897->64872 64901 66661212 64902 6666121d 64901->64902 64958 66660ac0 73 API calls 3 library calls 64901->64958 64902->64872 64959 666a9d00 64 API calls free 64902->64959 64906 666611b7 64905->64906 
64907 666a8e90 GetVersion 64905->64907 64906->64872 64910 666622bc 64906->64910 64908 666a8e9a HeapSetInformation 64907->64908 64909 666a8eb4 64907->64909 64908->64909 64909->64906 64965 66660980 64910->64965 64912 666622c7 64969 66661518 64912->64969 64915 66662330 64974 66661f7c FlsFree 64915->64974 64916 666622d0 FlsAlloc 64916->64915 64918 666622e8 64916->64918 64919 666a8b14 _wcwild 63 API calls 64918->64919 64921 666622f7 64919->64921 64920 666611c7 64920->64894 64926 666a9a28 GetStartupInfoW 64920->64926 64921->64915 64922 666622ff FlsSetValue 64921->64922 64922->64915 64923 66662312 64922->64923 64973 66661fa8 63 API calls 3 library calls 64923->64973 64925 6666231c GetCurrentThreadId 64925->64920 64927 666a8b14 _wcwild 63 API calls 64926->64927 64938 666a9a5e 64927->64938 64928 666611d7 64928->64888 64939 666b17b8 GetEnvironmentStringsW 64928->64939 64929 666a9c35 GetStdHandle 64934 666a9c10 64929->64934 64930 666a8b14 _wcwild 63 API calls 64930->64938 64931 666a9c65 GetFileType 64931->64934 64932 666a9cce SetHandleCount 64932->64928 64933 666a9b85 64933->64934 64936 666a9bbe InitializeCriticalSectionAndSpinCount 64933->64936 64937 666a9bb0 GetFileType 64933->64937 64934->64929 64934->64931 64934->64932 64935 666a9c8f InitializeCriticalSectionAndSpinCount 64934->64935 64935->64928 64935->64934 64936->64928 64936->64933 64937->64933 64937->64936 64938->64928 64938->64930 64938->64933 64938->64934 64938->64938 64940 666611e7 GetCommandLineA GetCommandLineW 64939->64940 64941 666b17e6 WideCharToMultiByte 64939->64941 64952 66684504 64940->64952 64943 666b1886 FreeEnvironmentStringsW 64941->64943 64944 666b1835 64941->64944 64943->64940 64945 666a8a90 __wsetargv 63 API calls 64944->64945 64946 666b183d 64945->64946 64946->64943 64947 666b1845 WideCharToMultiByte 64946->64947 64948 666b1878 FreeEnvironmentStringsW 64947->64948 64949 666b186d 64947->64949 64948->64940 64950 666a8d78 free 63 API calls 64949->64950 64951 666b1875 64950->64951 64951->64948 64976 
66684320 64952->64976 64955->64872 64957 66661a54 63 API calls 5 library calls 64957->64901 64958->64902 64959->64888 64960->64881 64963->64897 64964->64872 64975 66661f3c EncodePointer 64965->64975 64967 6666098b _initp_misc_winsig 64968 6669fb10 EncodePointer 64967->64968 64968->64912 64970 6666153b 64969->64970 64971 66661541 InitializeCriticalSectionAndSpinCount 64970->64971 64972 66661572 64970->64972 64971->64970 64971->64972 64972->64915 64972->64916 64973->64925 64977 666620f0 _getptd 63 API calls 64976->64977 64978 66684344 64977->64978 65000 66683ef4 64978->65000 64983 666a8a90 __wsetargv 63 API calls 64984 66684370 wmemmove_s 64983->64984 64995 6666120d 64984->64995 65018 6668404c 64984->65018 64987 666843ab 64989 666843cf 64987->64989 64991 666a8d78 free 63 API calls 64987->64991 64988 666844b5 64990 666844ce 64988->64990 64992 666a8d78 free 63 API calls 64988->64992 64988->64995 64994 66661740 _lock 63 API calls 64989->64994 64989->64995 65029 6666568c 63 API calls _get_doserrno 64990->65029 64991->64989 64992->64990 64996 666843ff 64994->64996 64995->64957 64997 666844a2 64996->64997 64999 666a8d78 free 63 API calls 64996->64999 65028 66661634 LeaveCriticalSection 64997->65028 64999->64997 65001 666620f0 _getptd 63 API calls 65000->65001 65002 66683f03 65001->65002 65003 66683f1e 65002->65003 65004 66661740 _lock 63 API calls 65002->65004 65006 66683fa0 65003->65006 65007 66660d70 _amsg_exit 63 API calls 65003->65007 65009 66683f31 65004->65009 65005 66683f67 65030 66661634 LeaveCriticalSection 65005->65030 65011 66683fb4 65006->65011 65007->65006 65009->65005 65010 666a8d78 free 63 API calls 65009->65010 65010->65005 65031 6667c9b8 65011->65031 65014 66683ff9 65016 66683ffe GetACP 65014->65016 65017 66683fe4 65014->65017 65015 66683fd4 GetOEMCP 65015->65017 65016->65017 65017->64983 65017->64995 65019 66683fb4 65 API calls 65018->65019 65020 66684073 65019->65020 65021 6668407b 65020->65021 65022 666840cc IsValidCodePage 65020->65022 65027 666840f2 
_getdiskfree 65020->65027 65023 666b06b0 _fltin2 8 API calls 65021->65023 65022->65021 65024 666840dd GetCPInfo 65022->65024 65025 666842ad 65023->65025 65024->65021 65024->65027 65025->64987 65025->64988 65040 66683cfc GetCPInfo 65027->65040 65029->64995 65032 6667c9ca 65031->65032 65033 6667ca2b 65031->65033 65034 666620f0 _getptd 63 API calls 65032->65034 65033->65014 65033->65015 65035 6667c9cf 65034->65035 65036 6667ca04 65035->65036 65039 666b1bd4 63 API calls 5 library calls 65035->65039 65036->65033 65038 66683ef4 _wcsupr_s_l 63 API calls 65036->65038 65038->65033 65039->65036 65041 66683d49 _getdiskfree 65040->65041 65042 66683e2f 65040->65042 65050 666b403c 65041->65050 65044 666b06b0 _fltin2 8 API calls 65042->65044 65046 66683ed3 65044->65046 65046->65021 65049 666b4390 _wcsupr_s_l 69 API calls 65049->65042 65051 6667c9b8 _wcsupr_s_l 63 API calls 65050->65051 65052 666b4060 65051->65052 65060 666b3ed8 65052->65060 65055 666b4390 65056 6667c9b8 _wcsupr_s_l 63 API calls 65055->65056 65057 666b43b4 65056->65057 65073 666b40c0 65057->65073 65061 666b3f1d MultiByteToWideChar 65060->65061 65062 666b3f17 65060->65062 65064 666b3f46 65061->65064 65070 666b3f3f 65061->65070 65062->65061 65063 666b06b0 _fltin2 8 API calls 65065 66683dcb 65063->65065 65066 666a8cbc malloc 63 API calls 65064->65066 65071 666b3f65 _getch _getdiskfree 65064->65071 65065->65055 65066->65071 65067 666b3fc7 MultiByteToWideChar 65068 666b3fe8 GetStringTypeW 65067->65068 65069 666b3ffd 65067->65069 65068->65069 65069->65070 65072 666a8d78 free 63 API calls 65069->65072 65070->65063 65071->65067 65071->65070 65072->65070 65075 666b40ff MultiByteToWideChar 65073->65075 65076 666b416e 65075->65076 65084 666b4167 65075->65084 65082 666b4199 _getch 65076->65082 65083 666a8cbc malloc 63 API calls 65076->65083 65077 666b41df MultiByteToWideChar 65079 666b4351 65077->65079 65080 666b4205 LCMapStringW 65077->65080 65078 666b06b0 _fltin2 8 API calls 65081 66683dfa 65078->65081 65079->65084 65086 
666a8d78 free 63 API calls 65079->65086 65080->65079 65085 666b422f 65080->65085 65081->65049 65082->65077 65082->65084 65083->65082 65084->65078 65087 666b423a 65085->65087 65089 666b4271 65085->65089 65086->65084 65087->65079 65088 666b424d LCMapStringW 65087->65088 65088->65079 65091 666b428e _getch 65089->65091 65092 666a8cbc malloc 63 API calls 65089->65092 65090 666b42e3 LCMapStringW 65093 666b4340 65090->65093 65094 666b4304 WideCharToMultiByte 65090->65094 65091->65079 65091->65090 65092->65091 65093->65079 65096 666a8d78 free 63 API calls 65093->65096 65094->65093 65096->65079 65097 7ff6d832da94 65098 7ff6d832daac 65097->65098 65099 7ff6d832dab7 65097->65099 65098->65099 65100 7ff6d832dab1 free 65098->65100 65100->65099 65101 7ff6d83214d3 65102 7ff6d832fcd8 65101->65102 65103 7ff6d832fd42 getenv 65102->65103 65104 7ff6d832fd69 _strdup 65103->65104 65107 7ff6d832fd9e 65103->65107 65105 7ff6d832fd89 strtok 65104->65105 65106 7ff6d832fd77 65105->65106 65105->65107 65106->65105 65108 7ff6d832fe0c _strdup 65107->65108 65113 7ff6d832fe25 65107->65113 65108->65107 65109 7ff6d832fe7b strlen 65109->65113 65110 7ff6d832ffe9 strchr 65110->65113 65111 7ff6d832ff80 strchr 65112 7ff6d832ffad strchr 65111->65112 65111->65113 65112->65113 65113->65109 65113->65110 65113->65111 65114 7ff6d83300ac 65113->65114 65115 7ff6d832ff03 strchr 65113->65115 65116 7ff6d8330474 65113->65116 65128 7ff6d833042e strrchr 65113->65128 65141 7ff6d83303da 65113->65141 65204 7ff6d83212cb 14 API calls 65113->65204 65117 7ff6d8330101 65114->65117 65118 7ff6d83300b1 sprintf strlen 65114->65118 65119 7ff6d832ff1f strcmp 65115->65119 65120 7ff6d832ff34 strlen strncmp 65115->65120 65214 7ff6d832f858 strrchr fprintf fprintf 65116->65214 65121 7ff6d833011e 65117->65121 65206 7ff6d83212cb 14 API calls 65117->65206 65123 7ff6d83300ec 65118->65123 65119->65113 65120->65113 65125 7ff6d832ff68 strlen 65120->65125 65179 7ff6d83214b0 65121->65179 65205 7ff6d83212cb 14 API calls 65123->65205 65125->65113 
65127 7ff6d8330488 exit 65131 7ff6d8330684 65127->65131 65133 7ff6d8330449 65128->65133 65134 7ff6d833044d fprintf exit 65128->65134 65130 7ff6d8330127 65135 7ff6d83303ba 65130->65135 65137 7ff6d833014a 65130->65137 65133->65134 65134->65116 65212 7ff6d832f858 strrchr fprintf fprintf 65135->65212 65139 7ff6d8330169 strcmp 65137->65139 65140 7ff6d833014f fprintf 65137->65140 65138 7ff6d83303ce exit 65138->65141 65142 7ff6d833017c __iob_func _fileno 65139->65142 65143 7ff6d83301df fopen 65139->65143 65140->65139 65144 7ff6d8330408 fprintf 65141->65144 65145 7ff6d8330401 65141->65145 65148 7ff6d8330195 strcmp 65142->65148 65147 7ff6d83301f8 fprintf exit 65143->65147 65143->65148 65213 7ff6d832f858 strrchr fprintf fprintf 65144->65213 65145->65144 65155 7ff6d83301dd 65147->65155 65150 7ff6d83301a8 __iob_func __iob_func 65148->65150 65148->65155 65149 7ff6d8330422 exit 65149->65128 65151 7ff6d83301ca 65150->65151 65150->65155 65207 7ff6d83212cb 14 API calls 65151->65207 65153 7ff6d8330236 65189 7ff6d832f798 65153->65189 65154 7ff6d833022d 65208 7ff6d8321415 19 API calls 65154->65208 65155->65153 65155->65154 65159 7ff6d833024c 65171 7ff6d8330274 65159->65171 65209 7ff6d832145b memset 65159->65209 65162 7ff6d8330309 65167 7ff6d8330312 fprintf 65162->65167 65163 7ff6d833032e 65164 7ff6d8330337 fclose 65163->65164 65165 7ff6d8330341 65163->65165 65164->65165 65166 7ff6d8330359 65165->65166 65168 7ff6d8330350 remove 65165->65168 65169 7ff6d833035e fprintf 65166->65169 65174 7ff6d8330375 65166->65174 65167->65163 65168->65166 65169->65174 65170 7ff6d832f798 3 API calls 65170->65171 65171->65170 65172 7ff6d83302ca 65171->65172 65175 7ff6d83302ea 65171->65175 65192 7ff6d8321118 65171->65192 65200 7ff6d83214c9 65171->65200 65210 7ff6d83211f9 6 API calls 65172->65210 65176 7ff6d8330387 65174->65176 65175->65162 65175->65163 65211 7ff6d833ea60 10 API calls 65176->65211 65178 7ff6d833039f 65179->65130 65180 7ff6d8332ad0 65179->65180 65181 7ff6d8332b0b strcmp 65180->65181 65182 
7ff6d8332ba7 65180->65182 65183 7ff6d8332b2d strcmp 65181->65183 65184 7ff6d8332b25 __iob_func 65181->65184 65182->65130 65185 7ff6d8332b50 65183->65185 65186 7ff6d8332b44 __iob_func 65183->65186 65184->65182 65187 7ff6d8332b5c fopen 65185->65187 65188 7ff6d8332b75 __iob_func fprintf __iob_func 65185->65188 65186->65182 65187->65182 65187->65188 65188->65182 65191 7ff6d832f6d4 3 API calls 65189->65191 65190 7ff6d832f7b7 65190->65159 65191->65190 65192->65171 65194 7ff6d833b7cc 65192->65194 65193 7ff6d833b7f1 65193->65171 65194->65193 65195 7ff6d833b8e0 strlen 65194->65195 65196 7ff6d833b8ef 65194->65196 65195->65196 65196->65193 65197 7ff6d833ba47 strlen 65196->65197 65198 7ff6d83214dd 65197->65198 65199 7ff6d833ba9d strncat strcat 65198->65199 65199->65193 65200->65171 65202 7ff6d833d514 65200->65202 65201 7ff6d833d53d 65201->65171 65202->65201 65215 7ff6d832143d 65202->65215 65204->65113 65205->65117 65206->65121 65207->65155 65208->65153 65209->65171 65210->65171 65211->65178 65212->65138 65213->65149 65214->65127 65215->65201 65216 7ff6d833d470 65215->65216 65220 7ff6d833d4b1 65216->65220 65221 7ff6d8321249 65216->65221 65218 7ff6d833d4a2 65218->65220 65225 7ff6d832113b strlen strlen 65218->65225 65220->65201 65221->65218 65224 7ff6d833c8bc 65221->65224 65222 7ff6d833cbcf 65222->65218 65223 7ff6d833cb86 strlen 65223->65224 65224->65222 65224->65223 65225->65220 65226 7ff6d833d8f4 65227 7ff6d833d949 65226->65227 65228 7ff6d833d90a fopen 65226->65228 65228->65227 65229 7ff6d833d922 fprintf exit 65228->65229 65229->65227

Control-flow Graph

[Figure: control-flow graph; legend: Executed / Not Executed]
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
• Associated: 00000001.00000002.1746864934.00007FF6D8320000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.1746959488.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.1747186758.00007FF6D834D000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.1747220870.00007FF6D834F000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.1747250077.00007FF6D8350000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000001.00000002.1747276961.00007FF6D8351000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
Similarity
• API ID: fprintf$exit$strlen$__iob_funcstrchrstrcmp$_strdupstrrchr$_filenofclosefopengetenvremovesprintfstrncmpstrtok
• String ID: $ in ${UNPACK200_FLAGS}$%s version %s$1.30, 07/05/05$Error: %s$Error: Could not open input file: %s$HlJ$Missing option string%s: %s$UNPACK200_FLAGS$Unpacking from %s to %s$Unrecognized argument%s: %s$com.sun.java.util.jar.pack.unpack.log.file$com.sun.java.util.jar.pack.unpack.remove.packfile$com.sun.java.util.jar.pack.verbose$garbage after end of pack archive$unpack.deflate.hint$unpacker completed with status=%d$vqrVh?
• API String ID: 2486552076-3597311177
• Opcode ID: 32472c4666d47a55cd5a53ba4f2676f6dcc740c12cac87ffec0a0182b9c79699
• Instruction ID: 5cb82fd7a35ae5a8fd28e0c5a8f0789ef90909335812bc9701c05547638aac20
• Opcode Fuzzy Hash: 32472c4666d47a55cd5a53ba4f2676f6dcc740c12cac87ffec0a0182b9c79699
• Instruction Fuzzy Hash: 1F228121A08A5391EA30DBB5E8582BD2360FF85788F4A0037DA4ED7799DF3DE565C348
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$ErrorFileLast_lseek_nolock$CloseCreate__doserrno$Handle_close_nolock_invalid_parameter_noinfo$ChangeFindNotificationType_get_daylight
                                                                                                                                                                • String ID: @
                                                                                                                                                                • API String ID: 2844167220-2766056989
                                                                                                                                                                • Opcode ID: 5ea2cbdaae521215f7dc776416cb990a89da3e0662705185772c7979f72daecb
                                                                                                                                                                • Instruction ID: 8f47f99e2f7534105badcd354bccb18f757331383fb9c429401c81278f78bd8d
                                                                                                                                                                • Opcode Fuzzy Hash: 5ea2cbdaae521215f7dc776416cb990a89da3e0662705185772c7979f72daecb
                                                                                                                                                                • Instruction Fuzzy Hash: F822E236B247908BEB148B39F9907AD3A72F785768F10521ADE6687BE4CB39CC51C701
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __doserrno_errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID: U
                                                                                                                                                                • API String ID: 3902385426-4171548499
                                                                                                                                                                • Opcode ID: 7b440f42bdd183043f9995350f9096241e2969befe1d3af45bff954453e2dd4b
                                                                                                                                                                • Instruction ID: 59ae8ce366868ed019298272d069ccf4b22fbb83ab2b9ddf5ba5f4fa8a94e34d
                                                                                                                                                                • Opcode Fuzzy Hash: 7b440f42bdd183043f9995350f9096241e2969befe1d3af45bff954453e2dd4b
                                                                                                                                                                • Instruction Fuzzy Hash: DB020373714B8586EB108F29F44439ABB62F789B88F504116EF9A47B68DF7EC845CB40
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746864934.00007FF6D8320000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746959488.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747186758.00007FF6D834D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747220870.00007FF6D834F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747250077.00007FF6D8350000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747276961.00007FF6D8351000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: memset$fprintfsprintfstrlen
                                                                                                                                                                • String ID: @Corrupted pack file: magic/ver = %08X/%d.%d should be %08X/%d.%d OR %08X/%d.%d OR %08X/%d.%d OR %08X/%d.%d$Copy-mode.$EOF reading archive header$EOF reading archive magic number$EOF reading band headers$EOF reading fixed input buffer$Format bits for Java 7 must be zero in previous releases$High archive option bits are reserved and must be zero$bad value count$cannot allocate large input buffer for package file$impossible archive size$too much read-ahead
                                                                                                                                                                • API String ID: 3296595596-468648337
                                                                                                                                                                • Opcode ID: 3e0a4d2970d7a6cfc472ecb2032984ed473ea2ff722169ab37fe7198d05d17dd
                                                                                                                                                                • Instruction ID: b02b7a1705ebfb76a9b11b91d25b607f94dd80b26609320c26fd044360f0a1eb
                                                                                                                                                                • Opcode Fuzzy Hash: 3e0a4d2970d7a6cfc472ecb2032984ed473ea2ff722169ab37fe7198d05d17dd
                                                                                                                                                                • Instruction Fuzzy Hash: 6A628C72A04A8296EB28CBB9D6583BC63A1FB48784F5A4036DB5D87B55DF3CE471C304
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746864934.00007FF6D8320000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746959488.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747186758.00007FF6D834D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747220870.00007FF6D834F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747250077.00007FF6D8350000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747276961.00007FF6D8351000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: memcpy
                                                                                                                                                                • String ID: bad utf8 prefix$bad utf8 suffix$utf8 prefix overflow
                                                                                                                                                                • API String ID: 3510742995-2655234185
                                                                                                                                                                • Opcode ID: d985d079ee8ecb20848acb0658d3aede79fe9737bcf2712c00110baa21b784d1
                                                                                                                                                                • Instruction ID: bcb8c9e4eb78e9f28a0b840e0395bbfd64b8d65155bd9946ca9d0ca0392a8a58
                                                                                                                                                                • Opcode Fuzzy Hash: d985d079ee8ecb20848acb0658d3aede79fe9737bcf2712c00110baa21b784d1
                                                                                                                                                                • Instruction Fuzzy Hash: EE12C332A0864286EB64DFB5E5883BD63A0FB44B44F4A8432DB4DC7796DF3CE5618344
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Heap$CreateInformationVersion
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3563531100-0
                                                                                                                                                                • Opcode ID: affa5e307324a24ab18884bb6118ed00515dec0b06829699a5c2c099920076a1
                                                                                                                                                                • Instruction ID: db438b6fd9966a55c22b0b6ae6e08188dc9bc3406baad352b3597545e4fc7311
                                                                                                                                                                • Opcode Fuzzy Hash: affa5e307324a24ab18884bb6118ed00515dec0b06829699a5c2c099920076a1
                                                                                                                                                                • Instruction Fuzzy Hash: CFE09A35721BD182FB84AB95F81976962A2FB88749F804418F90A03764DF7FC8A68B00
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __doserrno_errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2315031519-0
                                                                                                                                                                • Opcode ID: b4e0485f8ae0c06315ed19610103f378b27a5321f20211136e554b1c7a312fd6
                                                                                                                                                                • Instruction ID: 0ddedadcf4564074bc0aa5695b39c3ebe746528d9c3c38b03d00ae795f15c047
                                                                                                                                                                • Opcode Fuzzy Hash: b4e0485f8ae0c06315ed19610103f378b27a5321f20211136e554b1c7a312fd6
                                                                                                                                                                • Instruction Fuzzy Hash: 89126832B187C486EB028F6AF48039C3FA1F756B98F549205DE6B07792DB79C851C386
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo_wsopen_s
                                                                                                                                                                • String ID: $ $ $ $ $=$UNICODE$UTF-16LE$UTF-8$a$ccs$r$w
                                                                                                                                                                • API String ID: 2053332431-1561892669
                                                                                                                                                                • Opcode ID: be8cfeb5c387006be23d624cf51ec2d447e48e8dc9325e3ce185157e9bc078d3
                                                                                                                                                                • Instruction ID: 48d38acb0aa0d27a016b85f2c3869a19a00e8fc8392f7410dae7f8f410e4ad2c
                                                                                                                                                                • Opcode Fuzzy Hash: be8cfeb5c387006be23d624cf51ec2d447e48e8dc9325e3ce185157e9bc078d3
                                                                                                                                                                • Instruction Fuzzy Hash: 356142A3E2C24846FB220B27FD00B656E9967A2789F344014CE57CAA89D7BEC140C783
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                • A total of %lld file content bytes were written., xrefs: 00007FF6D8331857
                                                                                                                                                                • A total of %lld bytes were read in %d segment(s)., xrefs: 00007FF6D8331824
                                                                                                                                                                • A total of %d files (of which %d are classes) were written to output., xrefs: 00007FF6D8331887
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: fprintf$__iob_func$fclosefflushfread
                                                                                                                                                                • String ID: A total of %d files (of which %d are classes) were written to output.$A total of %lld bytes were read in %d segment(s).$A total of %lld file content bytes were written.
                                                                                                                                                                • API String ID: 3911639636-543581554
                                                                                                                                                                • Opcode ID: 96971ce3c12141ca1ef8353bba46945713cf808a006de56b3caa6bfd7f63dc0c
                                                                                                                                                                • Instruction ID: 06a6cd8b94e65265fecfce3342e833d51dc53401b93ade5f4c13a7f7102b02ce
                                                                                                                                                                • Opcode Fuzzy Hash: 96971ce3c12141ca1ef8353bba46945713cf808a006de56b3caa6bfd7f63dc0c
                                                                                                                                                                • Instruction Fuzzy Hash: 8C21FB76A0A782C2EB509FB5D5587BC2361FB44B88F0D0133CE0D9B369DF299465C758
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • MultiByteToWideChar.KERNEL32 ref: 666B415A
                                                                                                                                                                • malloc.LIBCMT ref: 666B41C3
                                                                                                                                                                • MultiByteToWideChar.KERNEL32 ref: 666B41F7
                                                                                                                                                                • LCMapStringW.KERNELBASE ref: 666B421E
                                                                                                                                                                • LCMapStringW.KERNEL32 ref: 666B4266
                                                                                                                                                                • malloc.LIBCMT ref: 666B42C3
                                                                                                                                                                  • Part of subcall function 666A8CBC: _FF_MSGBANNER.LIBCMT ref: 666A8CEC
                                                                                                                                                                  • Part of subcall function 666A8CBC: RtlAllocateHeap.NTDLL(?,?,?,666A8AC0,?,?,?,666616B5,?,?,?,66661763), ref: 666A8D11
                                                                                                                                                                  • Part of subcall function 666A8CBC: _errno.LIBCMT ref: 666A8D35
                                                                                                                                                                  • Part of subcall function 666A8CBC: _errno.LIBCMT ref: 666A8D40
                                                                                                                                                                • LCMapStringW.KERNEL32 ref: 666B42F8
                                                                                                                                                                • WideCharToMultiByte.KERNEL32 ref: 666B4338
                                                                                                                                                                • free.LIBCMT ref: 666B434C
                                                                                                                                                                • free.LIBCMT ref: 666B435D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharMultiStringWide$_errnofreemalloc$AllocateHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3322442479-0
                                                                                                                                                                • Opcode ID: dd2ded8152f853ee264ca2b8e9288870f6f639ea0a37b138959e24b7fbacf29e
                                                                                                                                                                • Instruction ID: f442dcf014627da099e043ae296be559b3aa0ae6320f1928a9c4ecd488a8e278
                                                                                                                                                                • Opcode Fuzzy Hash: dd2ded8152f853ee264ca2b8e9288870f6f639ea0a37b138959e24b7fbacf29e
                                                                                                                                                                • Instruction Fuzzy Hash: 9271C472B04B80C6EB148F26F84065977A5FB58BE8F484325EE6D57B98DBB8C521C700
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __doserrno_errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2315031519-0
                                                                                                                                                                • Opcode ID: c73f99c3a6531b4a9b08a0413679ce7391d4a4e74abc3fa6504582ebc24965a0
                                                                                                                                                                • Instruction ID: 6656b369e2f2da08ba637e7f2d7b14a88b5392c301fd15375f28ed3197c330b9
                                                                                                                                                                • Opcode Fuzzy Hash: c73f99c3a6531b4a9b08a0413679ce7391d4a4e74abc3fa6504582ebc24965a0
                                                                                                                                                                • Instruction Fuzzy Hash: 89213A723143408AD7025F67FD8131D7EA1BB9176CF464219EA268F7A1CB78CC51C76A
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,00000000,66660D95,?,?,00000000,6666176F), ref: 66660B37
                                                                                                                                                                • _lock.LIBCMT ref: 66660BA7
                                                                                                                                                                • DecodePointer.KERNEL32(?,?,?,?,?,?,00000000,66660D95,?,?,00000000,6666176F), ref: 66660BDA
                                                                                                                                                                • DecodePointer.KERNEL32(?,?,?,?,?,?,00000000,66660D95,?,?,00000000,6666176F), ref: 66660BF8
                                                                                                                                                                • DecodePointer.KERNEL32(?,?,?,?,?,?,00000000,66660D95,?,?,00000000,6666176F), ref: 66660C38
                                                                                                                                                                • DecodePointer.KERNEL32(?,?,?,?,?,?,00000000,66660D95,?,?,00000000,6666176F), ref: 66660C52
                                                                                                                                                                • DecodePointer.KERNEL32(?,?,?,?,?,?,00000000,66660D95,?,?,00000000,6666176F), ref: 66660C62
                                                                                                                                                                • ExitProcess.KERNEL32 ref: 66660CC7
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: DecodePointer$ExitHandleModuleProcess_lock
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 499131415-0
                                                                                                                                                                • Opcode ID: 1fac90e4e148d4432301285cd5cd77b94e726262e77ce1c531bf42e548951eac
                                                                                                                                                                • Instruction ID: 16968fea86bfceecda65a7b00ad5a21f4d4589e344c4d127aad5fbaffd0546c3
                                                                                                                                                                • Opcode Fuzzy Hash: 1fac90e4e148d4432301285cd5cd77b94e726262e77ce1c531bf42e548951eac
                                                                                                                                                                • Instruction Fuzzy Hash: 2E41C33162674082E7409F17FE5031976A6F788BD9F104835EA8AC3750EF7AC4A5C792
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2959964966-0
                                                                                                                                                                • Opcode ID: 5f2f13ecd506f7c12e2675c591160011000c1d7bdfaca4ac30261aa2843c0b25
                                                                                                                                                                • Instruction ID: d150ad416db289dd612ad0e8eef5c0f0a97a983bef32d7d350f559bdc2d8ed5c
                                                                                                                                                                • Opcode Fuzzy Hash: 5f2f13ecd506f7c12e2675c591160011000c1d7bdfaca4ac30261aa2843c0b25
                                                                                                                                                                • Instruction Fuzzy Hash: 7D319232A5468087DB148F7BF68035C3BA0F747798F304616DB6AE7A90DB74C8A2C746
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Sleep_amsg_exit_cexit_inittermexit
                                                                                                                                                                • String ID: sof
                                                                                                                                                                • API String ID: 3013873195-995910778
                                                                                                                                                                • Opcode ID: bd4ea5ab91947faa5e585ce8b44e409ce4ad637c49924bda7e62aac87e67a2c5
                                                                                                                                                                • Instruction ID: a728d242027581472865d9c99c9eeddbd408eaae9a39a5d8284cd8b3afda5625
                                                                                                                                                                • Opcode Fuzzy Hash: bd4ea5ab91947faa5e585ce8b44e409ce4ad637c49924bda7e62aac87e67a2c5
                                                                                                                                                                • Instruction Fuzzy Hash: E841AD6490860786F7509BF9E89C27D3360BF88764F5E4437D90DC67A1DE6DA8648708
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __doserrno_errno
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 921712934-0
                                                                                                                                                                • Opcode ID: cb3d93b428fb162e22540ccd785e7fa987475e45698172ca680a63b20d55bfa7
                                                                                                                                                                • Instruction ID: 10d7966452be3e6e5a034e024fcc994f5b33428248172158c979fd33a2907979
                                                                                                                                                                • Opcode Fuzzy Hash: cb3d93b428fb162e22540ccd785e7fa987475e45698172ca680a63b20d55bfa7
                                                                                                                                                                • Instruction Fuzzy Hash: 4A113B733147408AE7065F26FD5131D7E12A7927AAF494204DEA58B3E2CBB88C51C7AA
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __doserrno_close_nolock_errno
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 186997739-0
                                                                                                                                                                • Opcode ID: 6794680a11a6e8046d3432e54661819eec51f3dd76ed073e487249ee0877f945
                                                                                                                                                                • Instruction ID: afb22c36bf5e13fb1cccace3f4dbbc0de81a93121934af5cf15ddffe64781723
                                                                                                                                                                • Opcode Fuzzy Hash: 6794680a11a6e8046d3432e54661819eec51f3dd76ed073e487249ee0877f945
                                                                                                                                                                • Instruction Fuzzy Hash: 9A1122326247C086E7055F26FC8031C7E11BB817A9F250724DA264B3D3CB79C850C769
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _getptd.LIBCMT ref: 6668433F
                                                                                                                                                                  • Part of subcall function 666620F0: _amsg_exit.LIBCMT ref: 66662106
                                                                                                                                                                  • Part of subcall function 66683EF4: _getptd.LIBCMT ref: 66683EFE
                                                                                                                                                                  • Part of subcall function 66683EF4: _amsg_exit.LIBCMT ref: 66683F9B
                                                                                                                                                                  • Part of subcall function 66683FB4: GetOEMCP.KERNEL32(?,?,?,?,?,?,?,6668435A,?,?,?,?,?,66684512), ref: 66683FDE
                                                                                                                                                                  • Part of subcall function 666A8A90: malloc.LIBCMT ref: 666A8ABB
                                                                                                                                                                  • Part of subcall function 666A8A90: Sleep.KERNEL32(?,?,?,666616B5,?,?,?,66661763,?,?,?,?,?,?,00000000,666620BC), ref: 666A8ACE
                                                                                                                                                                • free.LIBCMT ref: 666843CA
                                                                                                                                                                  • Part of subcall function 666A8D78: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,6669F018,?,?,?,6669F07E,?,?,?,6669F215,?,?,?,6664115E), ref: 666A8D8E
                                                                                                                                                                  • Part of subcall function 666A8D78: _errno.LIBCMT ref: 666A8D98
                                                                                                                                                                  • Part of subcall function 666A8D78: GetLastError.KERNEL32(?,?,?,6669F018,?,?,?,6669F07E,?,?,?,6669F215,?,?,?,6664115E), ref: 666A8DA0
                                                                                                                                                                • _lock.LIBCMT ref: 666843FA
                                                                                                                                                                • free.LIBCMT ref: 6668449D
                                                                                                                                                                • free.LIBCMT ref: 666844C9
                                                                                                                                                                • _errno.LIBCMT ref: 666844CE
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: free$_amsg_exit_errno_getptd$ErrorLanguagesLastPreferredRestoreSleepThread_lockmalloc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2431863963-0
                                                                                                                                                                • Opcode ID: ab1629295514acff77899a408cf7c26af5538d43075f97a93424280d98b97df5
                                                                                                                                                                • Instruction ID: f694ac857060174a0ddfed79212fd65bfb585fb3b0c6dc17290922c6e056db8e
                                                                                                                                                                • Opcode Fuzzy Hash: ab1629295514acff77899a408cf7c26af5538d43075f97a93424280d98b97df5
                                                                                                                                                                • Instruction Fuzzy Hash: 4A41F336604A8086D714CF36F84035EBFAAF7C0B98F14411ADA5A87769CFBEC412C7A5
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 666A8E68: HeapCreate.KERNELBASE ref: 666A8E7E
                                                                                                                                                                  • Part of subcall function 666A8E68: GetVersion.KERNEL32 ref: 666A8E90
                                                                                                                                                                  • Part of subcall function 666A8E68: HeapSetInformation.KERNEL32 ref: 666A8EAE
                                                                                                                                                                  • Part of subcall function 666A9A28: GetStartupInfoW.KERNEL32 ref: 666A9A49
                                                                                                                                                                • GetCommandLineA.KERNEL32 ref: 666611EE
                                                                                                                                                                • GetCommandLineW.KERNEL32 ref: 666611FB
                                                                                                                                                                  • Part of subcall function 66661F7C: FlsFree.KERNEL32(?,?,?,?,6666128B), ref: 66661F8B
                                                                                                                                                                  • Part of subcall function 666A9D00: free.LIBCMT ref: 666A9D51
                                                                                                                                                                • FlsGetValue.KERNEL32 ref: 6666129D
                                                                                                                                                                  • Part of subcall function 666A8B14: Sleep.KERNEL32(?,?,?,66662097,?,?,?,66665695,?,?,?,?,666A8D9D), ref: 666A8B59
                                                                                                                                                                • FlsSetValue.KERNEL32 ref: 666612CA
                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 666612DE
                                                                                                                                                                • free.LIBCMT ref: 666612ED
                                                                                                                                                                  • Part of subcall function 666A8D78: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,6669F018,?,?,?,6669F07E,?,?,?,6669F215,?,?,?,6664115E), ref: 666A8D8E
                                                                                                                                                                  • Part of subcall function 666A8D78: _errno.LIBCMT ref: 666A8D98
                                                                                                                                                                  • Part of subcall function 666A8D78: GetLastError.KERNEL32(?,?,?,6669F018,?,?,?,6669F07E,?,?,?,6669F215,?,?,?,6664115E), ref: 666A8DA0
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CommandHeapLineThreadValuefree$CreateCurrentErrorFreeInfoInformationLanguagesLastPreferredRestoreSleepStartupVersion_errno
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1955890385-0
                                                                                                                                                                • Opcode ID: aeb80049713ddb6d76430c91686d14fce8d6ce0e7ab55043b8c56c6e115be808
                                                                                                                                                                • Instruction ID: 6761b114c62e13a7ce87c2aefcbfb49d0cebb1a05ae9eb8ae623574a11dff2b8
                                                                                                                                                                • Opcode Fuzzy Hash: aeb80049713ddb6d76430c91686d14fce8d6ce0e7ab55043b8c56c6e115be808
                                                                                                                                                                • Instruction Fuzzy Hash: 6E31A630A147818AF704AB7FFC40759EEEA6F5675BF104229D852C1650EF3AD8B1C29B
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746864934.00007FF6D8320000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746959488.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747186758.00007FF6D834D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747220870.00007FF6D834F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747250077.00007FF6D8350000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747276961.00007FF6D8351000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errnoexitfprintffwrite
                                                                                                                                                                • String ID: Error: write on output file failed err=%d
                                                                                                                                                                • API String ID: 4066964629-1607065499
                                                                                                                                                                • Opcode ID: aa337bb868b753f905566c750810d07b1bb2ae17a44b2d55ecb872d3a011d7d5
                                                                                                                                                                • Instruction ID: 5c99bc5e7e63a55e6574eb04315471cd042223b94536c473577d94096c2eb405
                                                                                                                                                                • Opcode Fuzzy Hash: aa337bb868b753f905566c750810d07b1bb2ae17a44b2d55ecb872d3a011d7d5
                                                                                                                                                                • Instruction Fuzzy Hash: 2D21F826B2874182E750CBB5E85866D3370FF88B84F455036EB0D87B19DF6DE9218B08
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_fileno_invalid_parameter_noinfomemcpy_s
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 897514287-0
                                                                                                                                                                • Opcode ID: a784001c306e31ff0458e3efdcdeee308e078209800d283f92cce220490b4d18
                                                                                                                                                                • Instruction ID: b7be1f797eade71a1a11d3e693db86eb0512da3d26320961b99699c3feace2eb
                                                                                                                                                                • Opcode Fuzzy Hash: a784001c306e31ff0458e3efdcdeee308e078209800d283f92cce220490b4d18
                                                                                                                                                                • Instruction Fuzzy Hash: 2C51E83170D6C086AA148E67FE006697E60BB96FF8F1447216E79D7BD4DB38D0A2C742
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746864934.00007FF6D8320000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746959488.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747186758.00007FF6D834D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747220870.00007FF6D834F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747250077.00007FF6D8350000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747276961.00007FF6D8351000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: exitfopenfprintffread
                                                                                                                                                                • String ID: Error: Could not open jar file: %s
                                                                                                                                                                • API String ID: 2230209342-2195489922
                                                                                                                                                                • Opcode ID: d7091f62ff20cc82e5721262004d95456b5beacdaedab9a1d741651844288fca
                                                                                                                                                                • Instruction ID: 3f3326dca5bd9aeac11537fc7d33d87af7b0a63a8fa2a1d6c5f0136c480dd174
                                                                                                                                                                • Opcode Fuzzy Hash: d7091f62ff20cc82e5721262004d95456b5beacdaedab9a1d741651844288fca
                                                                                                                                                                • Instruction Fuzzy Hash: 43F05EA1A09B4291EF048BBAE96833C2365FF88BC4F494037CA0D87758DF3DD4A58704
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_fileno_flush_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 329365992-0
                                                                                                                                                                • Opcode ID: 0c0dfdd84e5817584e01d141bb9dc2785915f4f39edf2a4517360e9f49364fd7
                                                                                                                                                                • Instruction ID: df2e2bcbd2ae62753900b9b74a8c4b2bdda837a8c2b137342c013f8830133a1e
                                                                                                                                                                • Opcode Fuzzy Hash: 0c0dfdd84e5817584e01d141bb9dc2785915f4f39edf2a4517360e9f49364fd7
                                                                                                                                                                • Instruction Fuzzy Hash: 273138317047818BEB188E67F94021ABA93B7C9FECF144334AEA6C7B94D638C441C746
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _fileno.LIBCMT ref: 6666D7A5
                                                                                                                                                                  • Part of subcall function 6666CCA8: _errno.LIBCMT ref: 6666CCB1
                                                                                                                                                                  • Part of subcall function 6666CCA8: _invalid_parameter_noinfo.LIBCMT ref: 6666CCBC
                                                                                                                                                                • _errno.LIBCMT ref: 6666D7B5
                                                                                                                                                                • _errno.LIBCMT ref: 6666D7D1
                                                                                                                                                                • _isatty.LIBCMT ref: 6666D832
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_fileno_invalid_parameter_noinfo_isatty
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2574541689-0
                                                                                                                                                                • Opcode ID: d993ca6e763f2482693c4482de163a4faa54e7cc5209989864811cc426ba182f
                                                                                                                                                                • Instruction ID: 8143de1f300015f6901dae170c24e3af6045b917fa8276fbebaf59ab9f931643
                                                                                                                                                                • Opcode Fuzzy Hash: d993ca6e763f2482693c4482de163a4faa54e7cc5209989864811cc426ba182f
                                                                                                                                                                • Instruction Fuzzy Hash: 7741F772A14B449ADB048F3AF85135C7F60E785F98F24521ACA79C73E4DB78C851C782
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                                • Opcode ID: 951ed9446791b3c094cdcfd5e11f673d2690e65391338c55ddcbfbf4b897c742
                                                                                                                                                                • Instruction ID: 564e2a85ba9843a8b95091887d3faa4c212390bf55d3c296b8e72c3837eb6a53
                                                                                                                                                                • Opcode Fuzzy Hash: 951ed9446791b3c094cdcfd5e11f673d2690e65391338c55ddcbfbf4b897c742
                                                                                                                                                                • Instruction Fuzzy Hash: 9111B2716197C285EB018B23BC1020EAEA5BB45BC4F0855219E89CBB58EF3CC050875A
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746864934.00007FF6D8320000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746959488.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747186758.00007FF6D834D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747220870.00007FF6D834F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747250077.00007FF6D8350000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747276961.00007FF6D8351000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: fprintf
                                                                                                                                                                • String ID: EOF reading resource file$Wrote %lld bytes to: %s
                                                                                                                                                                • API String ID: 383729395-1301798111
                                                                                                                                                                • Opcode ID: 25b17412226b0eaa18611e80c3e45908992728f74babacb43db2a0153680053a
                                                                                                                                                                • Instruction ID: 16a3249c55d527236361d18a1a558940eba40164a40d86df953fb76c37a808e4
                                                                                                                                                                • Opcode Fuzzy Hash: 25b17412226b0eaa18611e80c3e45908992728f74babacb43db2a0153680053a
                                                                                                                                                                • Instruction Fuzzy Hash: 7E517C72618B8285EB60DF66E0483AD33A0F749B84F194136DB9D4BB99DF3DE4A4C344
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746864934.00007FF6D8320000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746959488.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747186758.00007FF6D834D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747220870.00007FF6D834F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747250077.00007FF6D8350000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747276961.00007FF6D8351000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: memset
                                                                                                                                                                • String ID: 1.2.11$X
                                                                                                                                                                • API String ID: 2221118986-2112016779
                                                                                                                                                                • Opcode ID: b8a4c51c0d3cdf0234bbd008555082c4498db6d60df36434b2de9faef98df8e9
                                                                                                                                                                • Instruction ID: 6977f0aac5219259e7e34a6f3508be33aad25fa07436a1da54af9ce4e8f943e9
                                                                                                                                                                • Opcode Fuzzy Hash: b8a4c51c0d3cdf0234bbd008555082c4498db6d60df36434b2de9faef98df8e9
                                                                                                                                                                • Instruction Fuzzy Hash: 5141CC72B14A819AEB20CFB5D0443AD73A0FB48B84F498536DB5D87B85EF39E924C744
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _lock.LIBCMT ref: 6666E40F
                                                                                                                                                                  • Part of subcall function 66661740: _amsg_exit.LIBCMT ref: 6666176A
                                                                                                                                                                • _fflush_nolock.LIBCMT ref: 6666E465
                                                                                                                                                                • _fflush_nolock.LIBCMT ref: 6666E482
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _fflush_nolock$_amsg_exit_lock
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1679097844-0
                                                                                                                                                                • Opcode ID: db5df85f9b72c9654be9244a5736203ccee1e2e8dd9dd9b46eec99b1f3cbba17
                                                                                                                                                                • Instruction ID: 4e9f12db6a23f8f7afc0c71a852c106426e63b300499ec0ddaa116f809600cfd
                                                                                                                                                                • Opcode Fuzzy Hash: db5df85f9b72c9654be9244a5736203ccee1e2e8dd9dd9b46eec99b1f3cbba17
                                                                                                                                                                • Instruction Fuzzy Hash: 93219276618BC482DA108F2BFD8030EBFA6F7C4BA8F145519DD96836A4CFB9C491C746
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746864934.00007FF6D8320000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746959488.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747186758.00007FF6D834D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747220870.00007FF6D834F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747250077.00007FF6D8350000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747276961.00007FF6D8351000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __iob_func_errnofread
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2593604610-0
                                                                                                                                                                • Opcode ID: 426467dc6156af1f5c3415a95bee1d9199079cc9bf14e58416e6522892495617
                                                                                                                                                                • Instruction ID: 173236efa6160301054236360fb992422f918920d0d2880bd93eea5b568e52e4
                                                                                                                                                                • Opcode Fuzzy Hash: 426467dc6156af1f5c3415a95bee1d9199079cc9bf14e58416e6522892495617
                                                                                                                                                                • Instruction Fuzzy Hash: B2014E21B08B45C2EA609FEAA80477E6250FB44FD4F4D0032EE4CC3745DE3CE5918344
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746864934.00007FF6D8320000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746959488.00007FF6D8342000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747186758.00007FF6D834D000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747220870.00007FF6D834F000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747250077.00007FF6D8350000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1747276961.00007FF6D8351000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: fflush$fclosestrlen
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1406774153-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: mallocmemset
                                                                                                                                                                • String ID: Native allocation failed
                                                                                                                                                                • API String ID: 2882185209-612108426
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Info
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1807457897-3916222277
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 66683FB4: GetOEMCP.KERNEL32(?,?,?,?,?,?,?,6668435A,?,?,?,?,?,66684512), ref: 66683FDE
                                                                                                                                                                • IsValidCodePage.KERNEL32(?,?,?,00000000,00000000,00000000,?,666843A0,?,?,?,?,?,66684512), ref: 666840CF
                                                                                                                                                                • GetCPInfo.KERNEL32(?,?,?,00000000,00000000,00000000,?,666843A0,?,?,?,?,?,66684512), ref: 666840E4
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CodeInfoPageValid
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 546120528-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: strlen
                                                                                                                                                                • String ID: PACK200
                                                                                                                                                                • API String ID: 39653677-4153091332
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2959964966-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2959964966-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2959964966-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __iob_funcfreadmemset
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4047862660-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: strlen
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 39653677-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: strlen
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 39653677-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1294909896-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1294909896-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746920343.00007FF6D8321000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6D8320000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_7ff6d8320000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1294909896-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressErrorHandleLastModuleProc$ExceptionRaisestd::exception::exception
                                                                                                                                                                • String ID: CreateRemoteThreadEx$CreateUmsCompletionList$CreateUmsThreadContext$DeleteProcThreadAttributeList$DeleteUmsCompletionList$DeleteUmsThreadContext$DequeueUmsCompletionListItems$EnterUmsSchedulingMode$ExecuteUmsThread$GetCurrentUmsThread$GetNextUmsListItem$GetUmsCompletionListEvent$InitializeProcThreadAttributeList$QueryUmsThreadInformation$SetUmsThreadInformation$UmsThreadYield$UpdateProcThreadAttribute$kernel32.dll
                                                                                                                                                                • API String ID: 2860015169-2643937717
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo$_fileno
                                                                                                                                                                • String ID: *$F$I$L$N$h$l$w
                                                                                                                                                                • API String ID: 3947385824-888699838
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Name::operator+=$NameName::Name::operator=
                                                                                                                                                                • String ID: /mf$const $volatile
                                                                                                                                                                • API String ID: 712027794-3568093514
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CD443
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CD47A
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CD5C5
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CD608
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CD620
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CD879
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CDA89
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CDAD0
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CDB16
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CDC4E
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CDD4E
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CDDDB
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CDE62
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CDE78
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CDF62
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CDF96
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CE028
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CE065
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CE09F
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CE131
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CE164
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CE28B
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CE2CC
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Fill_
                                                                                                                                                                • String ID: $ $ $ $ $
                                                                                                                                                                • API String ID: 619624695-465214913
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$ErrorFileLast_lseek_nolock$CloseCreate__doserrno$Handle_close_nolock_invalid_parameter_noinfo$ChangeFindNotificationType_get_daylight
                                                                                                                                                                • String ID: @
                                                                                                                                                                • API String ID: 2844167220-2766056989
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Time$File$_errno$FindLocalSystem__doserrno$Closefree$DriveErrorFirstLastNameRootType_getdrive_invalid_parameter_noinfo_wsopen_s
                                                                                                                                                                • String ID: ./\
                                                                                                                                                                • API String ID: 987274459-3176372042
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Time$File$_errno$FindLocalSystem__doserrno$Closefree$DriveErrorFirstLastType_getdrive_invalid_parameter_noinfo_wsopen_s
                                                                                                                                                                • String ID: ./\
                                                                                                                                                                • API String ID: 385398445-3176372042
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CB8A2
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CB996
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CB9DE
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CBB27
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CBB71
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CBB97
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CBE67
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CC101
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CC154
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CC1A6
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CC2C6
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CC3D9
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CC49D
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CC57F
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CC600
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CC77F
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CC7DE
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CC830
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CC907
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CCA25
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CCA6E
                                                                                                                                                                • __Fill_FPIEEE_RECORD2.LIBCMT ref: 666CCF83
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Fill_
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 619624695-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _errno.LIBCMT ref: 666702C6
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 666702D1
                                                                                                                                                                • _lock.LIBCMT ref: 666703B0
                                                                                                                                                                  • Part of subcall function 66661740: _amsg_exit.LIBCMT ref: 6666176A
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 666703BE
                                                                                                                                                                • idtab.LIBCMT ref: 6667044E
                                                                                                                                                                • fclose.LIBCMT ref: 66670892
                                                                                                                                                                  • Part of subcall function 666B2208: _lock.LIBCMT ref: 666B222F
                                                                                                                                                                  • Part of subcall function 666B2208: _errno.LIBCMT ref: 666B2243
                                                                                                                                                                  • Part of subcall function 666B2208: _invalid_parameter_noinfo.LIBCMT ref: 666B224F
                                                                                                                                                                • _errno.LIBCMT ref: 66670597
                                                                                                                                                                • CreateProcessA.KERNEL32 ref: 666705EE
                                                                                                                                                                • free.LIBCMT ref: 66670618
                                                                                                                                                                • free.LIBCMT ref: 66670620
                                                                                                                                                                • free.LIBCMT ref: 6667062A
                                                                                                                                                                • free.LIBCMT ref: 66670675
                                                                                                                                                                • CreateProcessA.KERNEL32 ref: 666707AD
                                                                                                                                                                • free.LIBCMT ref: 666707E1
                                                                                                                                                                • free.LIBCMT ref: 666707E9
                                                                                                                                                                • _errno.LIBCMT ref: 6667062F
                                                                                                                                                                  • Part of subcall function 666B0450: GetCurrentProcess.KERNEL32(?,?,?,?,666B04F6), ref: 666B0468
                                                                                                                                                                  • Part of subcall function 666B2208: calloc.LIBCMT ref: 666B2291
                                                                                                                                                                  • Part of subcall function 666B2208: _errno.LIBCMT ref: 666B229E
                                                                                                                                                                  • Part of subcall function 666B2208: _errno.LIBCMT ref: 666B22A9
                                                                                                                                                                • free.LIBCMT ref: 666707F8
                                                                                                                                                                • free.LIBCMT ref: 66670802
                                                                                                                                                                • CloseHandle.KERNEL32 ref: 6667080F
                                                                                                                                                                • CloseHandle.KERNEL32 ref: 6667081D
                                                                                                                                                                • _errno.LIBCMT ref: 66670823
                                                                                                                                                                • DuplicateHandle.KERNEL32 ref: 66670408
                                                                                                                                                                  • Part of subcall function 666A9E40: __doserrno.LIBCMT ref: 666A9E59
                                                                                                                                                                  • Part of subcall function 666A9E40: _errno.LIBCMT ref: 666A9E61
                                                                                                                                                                  • Part of subcall function 6666E17C: _errno.LIBCMT ref: 6666E19A
                                                                                                                                                                  • Part of subcall function 6666E17C: _invalid_parameter_noinfo.LIBCMT ref: 6666E2FB
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                 • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$free$Process$Handle_invalid_parameter_noinfo$CloseCreateCurrent_lock$Duplicate__doserrno_amsg_exitcallocfcloseidtab
                                                                                                                                                                • String ID: /c $COMSPEC$PATH$cmd.exe$w
                                                                                                                                                                • API String ID: 595185807-3679458415
                                                                                                                                                                • Opcode ID: 02001dc77fbccc93e72bd5d824fc0db958a276aae3719d6df03a4104a6f0830e
                                                                                                                                                                • Instruction ID: 18198ff5a0734ea211c2245e57f0b84d88bae53f1e73f91755c005a982f9dacf
                                                                                                                                                                • Opcode Fuzzy Hash: 02001dc77fbccc93e72bd5d824fc0db958a276aae3719d6df03a4104a6f0830e
                                                                                                                                                                • Instruction Fuzzy Hash: B0F1C1B261878086EB30CB26F95079FBFA1FBD5788F4041259A8987B58DF3EC454CB94
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                 • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __doserrno_errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID: ./\
                                                                                                                                                                • API String ID: 2315031519-3176372042
                                                                                                                                                                • Opcode ID: c60d75ee6661289a665143a7b49732bf9534340646cefe1f7bfae5a6b42335ba
                                                                                                                                                                • Instruction ID: 95097ca3c56a611ffceaed5c99fb4a31d026b82ff5422bd15aa1e005e4ebe791
                                                                                                                                                                • Opcode Fuzzy Hash: c60d75ee6661289a665143a7b49732bf9534340646cefe1f7bfae5a6b42335ba
                                                                                                                                                                • Instruction Fuzzy Hash: C4B1F572208740D6EB108F36F80071EBBB5FB86B99F104219EB9587AA8DF3DC550CB56
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                 • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __doserrno_errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID: ./\
                                                                                                                                                                • API String ID: 2315031519-3176372042
                                                                                                                                                                • Opcode ID: fb06471e7ddc44c4ab124ca1fd0dedc08412753c2634211029a3248e425b7117
                                                                                                                                                                • Instruction ID: 8d07c5840558f255b9d861292b831994a4dbd734d20020f12fe161ac45066ab4
                                                                                                                                                                • Opcode Fuzzy Hash: fb06471e7ddc44c4ab124ca1fd0dedc08412753c2634211029a3248e425b7117
                                                                                                                                                                • Instruction Fuzzy Hash: 1DC1E97260838096EB108F27F85136EBFB1F785B98F104119EB99C7A68DB79C454CB13
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                 • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$File$_invalid_parameter_noinfo$ErrorFindLastTime$FirstNext$LocalSystem
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2928870310-0
                                                                                                                                                                • Opcode ID: 37a969794efc7c1a42ce5c1b145084a3179a640609717341694d48bb8804a540
                                                                                                                                                                • Instruction ID: ed4078b5df4fb547cfb48ad1930d730a3f58afc29a7e6d801db4033998e47e12
                                                                                                                                                                • Opcode Fuzzy Hash: 37a969794efc7c1a42ce5c1b145084a3179a640609717341694d48bb8804a540
                                                                                                                                                                • Instruction Fuzzy Hash: 6AC1E57261464096EB10CF76F96134E7FA1FB85768F50C212E669C7A84DFBCC420CB96
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                 • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$File$_invalid_parameter_noinfo$ErrorFindLastTime$FirstNext$LocalSystem
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2928870310-0
                                                                                                                                                                • Opcode ID: d665c275110693589b43fcc2cd8103e02ed0879459ba5b721aaa5676dc816206
                                                                                                                                                                • Instruction ID: d367a47d4b9c955b619c982bba6edc6c9a2a50295b867dbe2ace33f913cc4855
                                                                                                                                                                • Opcode Fuzzy Hash: d665c275110693589b43fcc2cd8103e02ed0879459ba5b721aaa5676dc816206
                                                                                                                                                                • Instruction Fuzzy Hash: 73C1D572614640C6EB10CF76F85139EBBB1FB95764F508212EB69C7A84DF78C820CB96
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                 • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfofreewcomexecmd$CurrentProcess
                                                                                                                                                                • String ID: PATH$d$mf$t$mf
                                                                                                                                                                • API String ID: 2725273913-1347304661
                                                                                                                                                                • Opcode ID: ab67ea1fbbfa0b6271863d3031a80fe2b086597d731a16c3fe381fb5e64d2b1f
                                                                                                                                                                • Instruction ID: 1667b311ca209b58356d50dc6d3408b76f603db4ed75507067be2f28c7116b82
                                                                                                                                                                • Opcode Fuzzy Hash: ab67ea1fbbfa0b6271863d3031a80fe2b086597d731a16c3fe381fb5e64d2b1f
                                                                                                                                                                • Instruction Fuzzy Hash: 97C10531B152604BEB14DB37FE1076E6E91AB85BD8F4486298E69CBB84EF3CC441C716
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo_wcstoi64write_multi_char$_getptd
                                                                                                                                                                • String ID: $p&mf
                                                                                                                                                                • API String ID: 1554814152-2706531864
                                                                                                                                                                • Opcode ID: f7888fa3344e72eaeeb318d907b1c262bdaa8b546b5fbce13e52a231c2d4b92a
                                                                                                                                                                • Instruction ID: 3a0592372ca964554fb4ff1604012d9eb263625d68c1e3a1ac2c701ce873bb40
                                                                                                                                                                • Opcode Fuzzy Hash: f7888fa3344e72eaeeb318d907b1c262bdaa8b546b5fbce13e52a231c2d4b92a
                                                                                                                                                                • Instruction Fuzzy Hash: 7B92DFB2A18A808AEB118F79F4403AD7B71F792B98F10420FDE5A57794DB78C841C7B1
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfofreewcomexecmd$CurrentProcess
                                                                                                                                                                • String ID: PATH
                                                                                                                                                                • API String ID: 2725273913-1036084923
                                                                                                                                                                • Opcode ID: d740a91717bcc7efbbc19f5750c47ddd14ba674baf8408e56d6cb74bf3c891c5
                                                                                                                                                                • Instruction ID: b5a3b9bfdab6992909cd42e03b4ad855d977b69d7a8bf833431b06673729ab28
                                                                                                                                                                • Opcode Fuzzy Hash: d740a91717bcc7efbbc19f5750c47ddd14ba674baf8408e56d6cb74bf3c891c5
                                                                                                                                                                • Instruction Fuzzy Hash: 8CC12561B0468086EE149B77F91071E3EA5BB85BD8F4482259F2AC7B94EF38C061C74A
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                • Expression: , xrefs: 666B710F
                                                                                                                                                                • (Press Retry to debug the application - JIT must be enabled), xrefs: 666B7219
                                                                                                                                                                • Assertion failed!, xrefs: 666B6C7A
                                                                                                                                                                • For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts, xrefs: 666B71E5
                                                                                                                                                                • Line: , xrefs: 666B709F
                                                                                                                                                                • Assertion failed: %s, file %s, line %d, xrefs: 666B73F5, 666B7482
                                                                                                                                                                • Microsoft Visual C++ Runtime Library, xrefs: 666B7231
                                                                                                                                                                • Program: , xrefs: 666B6CB0
                                                                                                                                                                • <program name unknown>, xrefs: 666B6CF2
                                                                                                                                                                • File: , xrefs: 666B6DCA
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File_set_error_mode$ConsoleHandleModuleNameTypeWrite_itow_sfflushfwprintfswprintf
                                                                                                                                                                • String ID: (Press Retry to debug the application - JIT must be enabled)$<program name unknown>$Assertion failed!$Assertion failed: %s, file %s, line %d$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Microsoft Visual C++ Runtime Library$Program:
                                                                                                                                                                • API String ID: 3319143600-2333777566
                                                                                                                                                                • Opcode ID: 0736e77925383ee89d1463d6831d656f16b025c43f6a7b7812a64e305306b70e
                                                                                                                                                                • Instruction ID: a556eef8c649f0b935a0f563119e63547cf6a4a9889fa022d8dfd22460b204ee
                                                                                                                                                                • Opcode Fuzzy Hash: 0736e77925383ee89d1463d6831d656f16b025c43f6a7b7812a64e305306b70e
                                                                                                                                                                • Instruction Fuzzy Hash: F712022A714691C2EB24CB76FA61B5F6F62FB8638CF904015EF4982E48DF39C525C748
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 666A2C9C: DNameStatusNode::make.LIBCMT ref: 666A2CCC
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A6FA7
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: NameName::operator+=Node::makeStatus
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2733247609-0
                                                                                                                                                                • Opcode ID: 11677355e3571bfa3e674a88d82faaaa3d4ac9f5816c1105016d855cd73640a3
                                                                                                                                                                • Instruction ID: de092d713c1a6964218ceaa07724e6ad7a74bac61066e44678618e71f17a65e5
                                                                                                                                                                • Opcode Fuzzy Hash: 11677355e3571bfa3e674a88d82faaaa3d4ac9f5816c1105016d855cd73640a3
                                                                                                                                                                • Instruction Fuzzy Hash: 5DE1BE63E14B8499E701CF78E8402EC7BB1F75870CB448125DE8897A19EB35DEA9C3A4
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_char$_fileno_getptdfree
                                                                                                                                                                • String ID: $@$p&mf
                                                                                                                                                                • API String ID: 920461082-3217188945
                                                                                                                                                                • Opcode ID: a02b2e56d96886abb1d957e4aa29ce0650ce7dcd23faaad8e3340dba281289ce
                                                                                                                                                                • Instruction ID: b2550a83a16ced166963ee4398a20fe62ec6f5fc33abff847e5920df01847cdf
                                                                                                                                                                • Opcode Fuzzy Hash: a02b2e56d96886abb1d957e4aa29ce0650ce7dcd23faaad8e3340dba281289ce
                                                                                                                                                                • Instruction Fuzzy Hash: 16424472A1C793CAEB108F25F4403AE7FB1F746B9AF504206DE594BA64D779C950CB80
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_char$_fileno_getptdfree
                                                                                                                                                                • String ID: $@$p&mf
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfowrite_multi_char$_getptd
                                                                                                                                                                • String ID: p&mf
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc$LibraryLoad
                                                                                                                                                                • String ID: GetTraceEnableFlags$GetTraceEnableLevel$GetTraceLoggerHandle$RegisterTraceGuidsW$TraceEvent$UnregisterTraceGuids$advapi32.dll
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 6667C9B8: _getptd.LIBCMT ref: 6667C9CA
                                                                                                                                                                • _errno.LIBCMT ref: 66699F5B
                                                                                                                                                                • _errno.LIBCMT ref: 66699F6C
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 66699F77
                                                                                                                                                                • free.LIBCMT ref: 6669A747
                                                                                                                                                                  • Part of subcall function 666A8A90: malloc.LIBCMT ref: 666A8ABB
                                                                                                                                                                  • Part of subcall function 666A8A90: Sleep.KERNEL32(?,?,?,666616B5,?,?,?,66661763,?,?,?,?,?,?,00000000,666620BC), ref: 666A8ACE
                                                                                                                                                                • write_multi_char.LIBCMT ref: 6669A635
                                                                                                                                                                • write_multi_char.LIBCMT ref: 6669A674
                                                                                                                                                                • write_char.LIBCMT ref: 6669A6BF
                                                                                                                                                                • write_multi_char.LIBCMT ref: 6669A720
                                                                                                                                                                • _errno.LIBCMT ref: 6669A9F9
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 6669AA04
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errnowrite_multi_char$_invalid_parameter_noinfo$Sleep_getptdfreemallocwrite_char
                                                                                                                                                                • String ID: 0$p&mf
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$free$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 66661654: _FF_MSGBANNER.LIBCMT ref: 6666167B
                                                                                                                                                                • calloc.LIBCMT ref: 666725B5
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: calloc
                                                                                                                                                                • String ID: TMP
                                                                                                                                                                • API String ID: 2635317215-3125297090
                                                                                                                                                                • Opcode ID: 3c2e267ab4f699b90fcb11be95d3968805e45937a1bb36db4765dbcf21b69374
                                                                                                                                                                • Instruction ID: a9d4b85dab5d8aad89930c23e5ea99ae88791ca03ef9264cba40212b927be215
                                                                                                                                                                • Opcode Fuzzy Hash: 3c2e267ab4f699b90fcb11be95d3968805e45937a1bb36db4765dbcf21b69374
                                                                                                                                                                • Instruction Fuzzy Hash: C7610535B1468083FB28DB33FE5476E6E5AABD4BC8F44812ADE0687A54DF39C411C709
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_lockcalloc
                                                                                                                                                                • String ID: TMP
                                                                                                                                                                • API String ID: 1428780384-3125297090
                                                                                                                                                                • Opcode ID: b30bca98efdd66b92d8de191492f362f35c561f6466864177abb26c49acf36d3
                                                                                                                                                                • Instruction ID: 56d6fd80cfd80c51c25b0d4496e47292cf915fbb1e3cb6322c0aebc3f1aa8a4b
                                                                                                                                                                • Opcode Fuzzy Hash: b30bca98efdd66b92d8de191492f362f35c561f6466864177abb26c49acf36d3
                                                                                                                                                                • Instruction Fuzzy Hash: DA51F435B1079092EB28CB77FD1072E7EA6AB957C8F4484259E4A87B24DF39C012CB49
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: write_multi_char$_errno_putwch_nolock$_getptd_invalid_parameter_noinfofree
                                                                                                                                                                • String ID: p&mf
                                                                                                                                                                • API String ID: 102787012-37327957
                                                                                                                                                                • Opcode ID: 07a8fc9fac444d8817774e879b742a5368603130493f24a755121d3dc47067f8
                                                                                                                                                                • Instruction ID: a5da9a33d0fddea0d5d956e6c288bfa9135b2cbbd7244c7cbb459006522335a4
                                                                                                                                                                • Opcode Fuzzy Hash: 07a8fc9fac444d8817774e879b742a5368603130493f24a755121d3dc47067f8
                                                                                                                                                                • Instruction Fuzzy Hash: 0B42EF76A1878286EB148F19F5403AE7B71F782799F10121EDF999BA94DB39C850CBC0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: write_multi_char$_errno$_getptd_invalid_parameter_noinfofreewrite_char
                                                                                                                                                                • String ID: p&mf
                                                                                                                                                                • API String ID: 2983306934-37327957
                                                                                                                                                                • Opcode ID: 6f8f4e9701d1015b0eceb8ed100e0861e7310a7f22e5e7db65f063defa38ae0d
                                                                                                                                                                • Instruction ID: 446d5cdd5b53c6fc1c501a948a9b771788910ee976873fefe0d86b0a775fc522
                                                                                                                                                                • Opcode Fuzzy Hash: 6f8f4e9701d1015b0eceb8ed100e0861e7310a7f22e5e7db65f063defa38ae0d
                                                                                                                                                                • Instruction Fuzzy Hash: 2342E472A18782A6EB148F69F4403AE7B71F782794F100A1EDF569B7B4DB39C451CB80
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: write_multi_char$_errno_putwch_nolock$_getptd_invalid_parameter_noinfofree
                                                                                                                                                                • String ID: p&mf
                                                                                                                                                                • API String ID: 102787012-37327957
                                                                                                                                                                • Opcode ID: 1b93bbb44092acaa10d797b0b8298642be3576789ee56681578912cf0b8a8a30
                                                                                                                                                                • Instruction ID: 6e71679b3aa6c1fdd8234216cb0911734891b694d954f89dcc9ea713acf7597b
                                                                                                                                                                • Opcode Fuzzy Hash: 1b93bbb44092acaa10d797b0b8298642be3576789ee56681578912cf0b8a8a30
                                                                                                                                                                • Instruction Fuzzy Hash: 4A42CD72A187D486EB248B39F4403AE7F71F782794F20011EDF665B694DB79C850CBA0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 6667C9B8: _getptd.LIBCMT ref: 6667C9CA
                                                                                                                                                                • _errno.LIBCMT ref: 666BDF9B
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 666BDFA5
                                                                                                                                                                • _errno.LIBCMT ref: 666BDFE3
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 666BDFEF
                                                                                                                                                                • _errno.LIBCMT ref: 666BE01A
                                                                                                                                                                  • Part of subcall function 666B0450: GetCurrentProcess.KERNEL32(?,?,?,?,666B04F6), ref: 666B0468
                                                                                                                                                                • _fltout2.LIBCMT ref: 666BE1CD
                                                                                                                                                                • _errno.LIBCMT ref: 666BE1D7
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 666BE1DE
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo$CurrentProcess_fltout2_getptd
                                                                                                                                                                • String ID: e+000
                                                                                                                                                                • API String ID: 720932481-1027065040
                                                                                                                                                                • Opcode ID: 2b638c1efc3fa4bc2f775c159b1ff5013959ac1db56498c30d6e8177ae428a27
                                                                                                                                                                • Instruction ID: 713c1bd9d5d0e79ce96065d830e115027742ea5a4d3340c63319e12497fc80d8
                                                                                                                                                                • Opcode Fuzzy Hash: 2b638c1efc3fa4bc2f775c159b1ff5013959ac1db56498c30d6e8177ae428a27
                                                                                                                                                                • Instruction Fuzzy Hash: 936101A26087C48AD7118F25F88034A7F61E781BD8F188266DF994BB95DF39C468C745
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID: PATH
                                                                                                                                                                • API String ID: 2819658684-1036084923
                                                                                                                                                                • Opcode ID: 9b1ee15a2fa18d7e806361284c2cc0f364db4d936d718396c6a2067aa6e52793
                                                                                                                                                                • Instruction ID: 399e34aa17f6adf924a9b8cb1484bc3375d23eeafac51b5931e042ae27ecf648
                                                                                                                                                                • Opcode Fuzzy Hash: 9b1ee15a2fa18d7e806361284c2cc0f364db4d936d718396c6a2067aa6e52793
                                                                                                                                                                • Instruction Fuzzy Hash: 7C512532B14380C6EB149B27F95132E3A75EB91B8CF408625EF5987B54EB38C0B1C34A
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 666B2208: _lock.LIBCMT ref: 666B222F
                                                                                                                                                                  • Part of subcall function 666B2208: _errno.LIBCMT ref: 666B2243
                                                                                                                                                                  • Part of subcall function 666B2208: _invalid_parameter_noinfo.LIBCMT ref: 666B224F
                                                                                                                                                                • _errno.LIBCMT ref: 6666A7E7
                                                                                                                                                                • _errno.LIBCMT ref: 6666A7EE
                                                                                                                                                                • _errno.LIBCMT ref: 6666A80E
                                                                                                                                                                  • Part of subcall function 666B0450: GetCurrentProcess.KERNEL32(?,?,?,?,666B04F6), ref: 666B0468
                                                                                                                                                                • _errno.LIBCMT ref: 6666A817
                                                                                                                                                                • _errno.LIBCMT ref: 6666A821
                                                                                                                                                                • _errno.LIBCMT ref: 6666A82B
                                                                                                                                                                • free.LIBCMT ref: 6666A851
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$CurrentProcess_invalid_parameter_noinfo_lockfree
                                                                                                                                                                • String ID: COMSPEC$cmd.exe
                                                                                                                                                                • API String ID: 3119157571-2256226045
                                                                                                                                                                • Opcode ID: b411912d5e5997f23040f3472e904ee1429889c7ea91f54776e84ceced18abf2
                                                                                                                                                                • Instruction ID: f638bae79e5afa29f198f486ef753e3f74f3139d72320643787aa5b766cd915e
                                                                                                                                                                • Opcode Fuzzy Hash: b411912d5e5997f23040f3472e904ee1429889c7ea91f54776e84ceced18abf2
                                                                                                                                                                • Instruction Fuzzy Hash: FF21D276B00B509AEB008FB7F85169D3FB5BB88348B404229DB09C7A29DF34C461C796
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$CurrentProcess_lockfree
                                                                                                                                                                • String ID: COMSPEC$cmd.exe
                                                                                                                                                                • API String ID: 3359361903-2256226045
                                                                                                                                                                • Opcode ID: 2799e143b76beeb258345ab5ecb3f96f36a9c0688285250d9e700b18f64d401d
                                                                                                                                                                • Instruction ID: 9fcd1f194687a1748cc1273bf9dfd66563c4c1411a66560682538d0f65c54aa8
                                                                                                                                                                • Opcode Fuzzy Hash: 2799e143b76beeb258345ab5ecb3f96f36a9c0688285250d9e700b18f64d401d
                                                                                                                                                                • Instruction Fuzzy Hash: 0321B676B10B0089EF00CFB7F8516AD3FA5BB99388B804225DB4AD7A18DF34C421C796
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _lock.LIBCMT ref: 66678E3B
                                                                                                                                                                  • Part of subcall function 66661740: _amsg_exit.LIBCMT ref: 6666176A
                                                                                                                                                                • _get_daylight.LIBCMT ref: 66678E51
                                                                                                                                                                  • Part of subcall function 66678CDC: _errno.LIBCMT ref: 66678CE5
                                                                                                                                                                  • Part of subcall function 66678CDC: _invalid_parameter_noinfo.LIBCMT ref: 66678CF0
                                                                                                                                                                • _get_daylight.LIBCMT ref: 66678E66
                                                                                                                                                                  • Part of subcall function 66678C6C: _errno.LIBCMT ref: 66678C75
                                                                                                                                                                  • Part of subcall function 66678C6C: _invalid_parameter_noinfo.LIBCMT ref: 66678C80
                                                                                                                                                                • _get_daylight.LIBCMT ref: 66678E7B
                                                                                                                                                                  • Part of subcall function 66678CA4: _errno.LIBCMT ref: 66678CAD
                                                                                                                                                                  • Part of subcall function 66678CA4: _invalid_parameter_noinfo.LIBCMT ref: 66678CB8
                                                                                                                                                                • ___lc_codepage_func.LIBCMT ref: 66678E88
                                                                                                                                                                  • Part of subcall function 666B2CEC: _getptd.LIBCMT ref: 666B2CF0
                                                                                                                                                                  • Part of subcall function 666B1FF0: __wtomb_environ.LIBCMT ref: 666B2017
                                                                                                                                                                • free.LIBCMT ref: 66678EF9
                                                                                                                                                                  • Part of subcall function 666A8D78: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,6669F018,?,?,?,6669F07E,?,?,?,6669F215,?,?,?,6664115E), ref: 666A8D8E
                                                                                                                                                                  • Part of subcall function 666A8D78: _errno.LIBCMT ref: 666A8D98
                                                                                                                                                                  • Part of subcall function 666A8D78: GetLastError.KERNEL32(?,?,?,6669F018,?,?,?,6669F07E,?,?,?,6669F215,?,?,?,6664115E), ref: 666A8DA0
                                                                                                                                                                • free.LIBCMT ref: 66678F62
                                                                                                                                                                • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,00000000,?,51EB851F,66679846,?,?,?,?,66677C5C), ref: 66678F75
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,00000000,?,51EB851F,66679846,?,?,?,?,66677C5C), ref: 6667902B
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,00000000,?,51EB851F,66679846,?,?,?,?,66677C5C), ref: 6667907E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_get_daylight_invalid_parameter_noinfo$ByteCharMultiWidefree$ErrorInformationLanguagesLastPreferredRestoreThreadTimeZone___lc_codepage_func__wtomb_environ_amsg_exit_getptd_lock
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3554685013-0
                                                                                                                                                                • Opcode ID: 0bffc10264a5ead42f9b865993f32d02ea64814fb1b427cf13b48d06aa205ffc
                                                                                                                                                                • Instruction ID: 3e9ba59bffc1ed5363dd7a68cc5ada03e98497de3655caf67caacc7a0acc6417
                                                                                                                                                                • Opcode Fuzzy Hash: 0bffc10264a5ead42f9b865993f32d02ea64814fb1b427cf13b48d06aa205ffc
                                                                                                                                                                • Instruction Fuzzy Hash: FFB1F3327147C09AE730CF26F85075A7FAAF795788F408229DA9953B34DB3AC861CB44
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _get_daylight$_errno_isindst$__getgmtimebuf__tzset_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1457502553-0
                                                                                                                                                                • Opcode ID: 80aa8874562a6d452bf2540e564537ca61a73caa064972329fadf5a8c68407f3
                                                                                                                                                                • Instruction ID: 348091c9e18b38cab3e2ce56ac617c8e0593f30128f686c40db3768196080464
                                                                                                                                                                • Opcode Fuzzy Hash: 80aa8874562a6d452bf2540e564537ca61a73caa064972329fadf5a8c68407f3
                                                                                                                                                                • Instruction Fuzzy Hash: 3981D4B3B107458BEB28CF3AE9557596FA5E754B8DF04913ADE098BB48EF38C5018B40
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _errno.LIBCMT ref: 666781B6
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 666781C2
                                                                                                                                                                • _errno.LIBCMT ref: 666781EB
                                                                                                                                                                • __tzset.LIBCMT ref: 666781F9
                                                                                                                                                                  • Part of subcall function 66679820: _lock.LIBCMT ref: 66679832
                                                                                                                                                                • _get_daylight.LIBCMT ref: 66678202
                                                                                                                                                                  • Part of subcall function 66678C6C: _errno.LIBCMT ref: 66678C75
                                                                                                                                                                  • Part of subcall function 66678C6C: _invalid_parameter_noinfo.LIBCMT ref: 66678C80
                                                                                                                                                                • _get_daylight.LIBCMT ref: 66678213
                                                                                                                                                                  • Part of subcall function 66678CA4: _errno.LIBCMT ref: 66678CAD
                                                                                                                                                                  • Part of subcall function 66678CA4: _invalid_parameter_noinfo.LIBCMT ref: 66678CB8
                                                                                                                                                                • _get_daylight.LIBCMT ref: 66678224
                                                                                                                                                                  • Part of subcall function 66678CDC: _errno.LIBCMT ref: 66678CE5
                                                                                                                                                                  • Part of subcall function 66678CDC: _invalid_parameter_noinfo.LIBCMT ref: 66678CF0
                                                                                                                                                                • _isindst.LIBCMT ref: 66678267
                                                                                                                                                                • _isindst.LIBCMT ref: 666782B5
                                                                                                                                                                • __getgmtimebuf.LIBCMT ref: 66678482
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo$_get_daylight$_isindst$__getgmtimebuf__tzset_lock
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2175338424-0
                                                                                                                                                                • Opcode ID: 3b01e644d60006382a710b4bd011029ad2f1d67d81beaffa3c83fa25a57dabab
                                                                                                                                                                • Instruction ID: 79bde7d56b158a35c7525364b70b3ad09b3b3108687495c25862516f796c8f4b
                                                                                                                                                                • Opcode Fuzzy Hash: 3b01e644d60006382a710b4bd011029ad2f1d67d81beaffa3c83fa25a57dabab
                                                                                                                                                                • Instruction Fuzzy Hash: 6B810173B202158BE768CF39E950B5D3EA1E794758F449239EA02CBF59EB38D840CB40
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo$_cftoe_l_getptd
                                                                                                                                                                • String ID: gfffffff
                                                                                                                                                                • API String ID: 1282097019-1523873471
                                                                                                                                                                • Opcode ID: 96ad450056c59cccad7274b5b385ef099c025077f2c28498494f514af5d8e531
                                                                                                                                                                • Instruction ID: 9dfd545fda1323550516d9ae105fb2b1d049c8e7a5955cc95f8971b7edc240c6
                                                                                                                                                                • Opcode Fuzzy Hash: 96ad450056c59cccad7274b5b385ef099c025077f2c28498494f514af5d8e531
                                                                                                                                                                • Instruction Fuzzy Hash: 09A122B3B157C4CAEB018B2AE64438D7FA5A7227D4F0486A1CF69077A5E739D035C311
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: free$Wcsftime$_getptd_lock
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2754364846-0
                                                                                                                                                                • Opcode ID: c9dd189a5e1769b69ecf4f500d36ab9f1a5e96a70ce07322ec7920b9d4459060
                                                                                                                                                                • Instruction ID: 4b9e3c7bb06e61d794ce42b3caf70b4a64f8d03a040d1f484618bf8abd6888d2
                                                                                                                                                                • Opcode Fuzzy Hash: c9dd189a5e1769b69ecf4f500d36ab9f1a5e96a70ce07322ec7920b9d4459060
                                                                                                                                                                • Instruction Fuzzy Hash: 5851D636715B82D2EB24CB65F85071A7A61FB84BE4F14462EDFA987BA4CF38C021C744
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • RtlCaptureContext.KERNEL32 ref: 666B49A7
                                                                                                                                                                • RtlLookupFunctionEntry.KERNEL32 ref: 666B49C6
                                                                                                                                                                • RtlVirtualUnwind.KERNEL32 ref: 666B4A12
                                                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,666B03D7), ref: 666B4A84
                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,666B03D7), ref: 666B4A9C
                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,666B03D7), ref: 666B4AA9
                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,666B03D7), ref: 666B4AC2
                                                                                                                                                                • TerminateProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,666B03D7), ref: 666B4AD0
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentDebuggerEntryFunctionLookupPresentTerminateUnwindVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3778485334-0
                                                                                                                                                                • Opcode ID: cbe8fdf6df426e514117a0e39cccabfcbc4720925b520ffc9da17805533aee65
                                                                                                                                                                • Instruction ID: a3a9ee8ac345312a3545064dcd9e640b546f1b3e9eb53bb272060eae6257d9fc
                                                                                                                                                                • Opcode Fuzzy Hash: cbe8fdf6df426e514117a0e39cccabfcbc4720925b520ffc9da17805533aee65
                                                                                                                                                                • Instruction Fuzzy Hash: 64311635604B44D6EB509B56F85034AB7B6F785394F40412AEA8E43778EFBFC0A4CB44
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32 ref: 666B10BC
                                                                                                                                                                  • Part of subcall function 666A8B14: Sleep.KERNEL32(?,?,?,66662097,?,?,?,66665695,?,?,?,?,666A8D9D), ref: 666A8B59
                                                                                                                                                                • free.LIBCMT ref: 666B113A
                                                                                                                                                                • free.LIBCMT ref: 666B1181
                                                                                                                                                                • GetLocaleInfoW.KERNEL32 ref: 666B11B8
                                                                                                                                                                • GetLocaleInfoW.KERNEL32 ref: 666B11E2
                                                                                                                                                                • free.LIBCMT ref: 666B11EF
                                                                                                                                                                • GetLocaleInfoW.KERNEL32 ref: 666B121A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InfoLocalefree$ErrorLastSleep
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3746651342-0
                                                                                                                                                                • Opcode ID: a3ba1b1518dacba98dc3cf592186bbf4413114259c08b7a0c3f03449d6191a80
                                                                                                                                                                • Instruction ID: d7c94ad18099e6c6aad51942196e84c300ea0a8ba5721bdb638eda634306c5cb
                                                                                                                                                                • Opcode Fuzzy Hash: a3ba1b1518dacba98dc3cf592186bbf4413114259c08b7a0c3f03449d6191a80
                                                                                                                                                                • Instruction Fuzzy Hash: 83414A22B25781A3E7209B66FD1076ABAA6BBA5BCCF444125DD0547B08FF7DC422C700
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_get_daylight$__tzset_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2616478628-0
                                                                                                                                                                • Opcode ID: 655ef1f4ea83cfb6a320505c19e1d66a8da784a7a9e1a6e0897fe5c66cd822df
                                                                                                                                                                • Instruction ID: 25fe36a4a7563878ef794ad5ef66a099497d348705f8c144644eb2012fe5130b
                                                                                                                                                                • Opcode Fuzzy Hash: 655ef1f4ea83cfb6a320505c19e1d66a8da784a7a9e1a6e0897fe5c66cd822df
                                                                                                                                                                • Instruction Fuzzy Hash: E771A176B20212EFFB6DCA6AF950B5D3FA0AB5074DF50413DDE06C6A68DB25CD018B41
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • __tzset.LIBCMT ref: 66679DD7
                                                                                                                                                                • _get_daylight.LIBCMT ref: 66679DE0
                                                                                                                                                                • _get_daylight.LIBCMT ref: 66679DF1
                                                                                                                                                                • _get_daylight.LIBCMT ref: 66679E02
                                                                                                                                                                • _isindst.LIBCMT ref: 66679EBE
                                                                                                                                                                  • Part of subcall function 666B0450: GetCurrentProcess.KERNEL32(?,?,?,?,666B04F6), ref: 666B0468
                                                                                                                                                                • _errno.LIBCMT ref: 66679F12
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _get_daylight$CurrentProcess__tzset_errno_isindst
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1870958493-0
                                                                                                                                                                • Opcode ID: 78597dc28c4bfcc6b616d853051d3b187f8dc8c2dfde18e1f4a000f91dbb8494
                                                                                                                                                                • Instruction ID: e5a1dc5039303fa34153032c77a0c1931ac002286a2a7b87bf6b66fe1d297796
                                                                                                                                                                • Opcode Fuzzy Hash: 78597dc28c4bfcc6b616d853051d3b187f8dc8c2dfde18e1f4a000f91dbb8494
                                                                                                                                                                • Instruction Fuzzy Hash: 8A615973F145018AD728CB78ED916AC7FA6B79535DF548329EE0587E98EB38D501C700
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2959964966-0
                                                                                                                                                                • Opcode ID: 130320b11ef42d93b8ac045de66516de0c5adf1c9e1da14806623ab4e1cf88f4
                                                                                                                                                                • Instruction ID: 7156ce5040d4541f277c20a1accf34016e8973fc94c830de30f9f27bb6a7574b
                                                                                                                                                                • Opcode Fuzzy Hash: 130320b11ef42d93b8ac045de66516de0c5adf1c9e1da14806623ab4e1cf88f4
                                                                                                                                                                • Instruction Fuzzy Hash: 0561F2B3B10A54C7EF28CB64E8517AC6B75F75478DF51822ADA0D4B758EB39C112C740
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • RtlCaptureContext.KERNEL32 ref: 666B0311
                                                                                                                                                                • RtlLookupFunctionEntry.KERNEL32 ref: 666B0329
                                                                                                                                                                • RtlVirtualUnwind.KERNEL32 ref: 666B0363
                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 666B0399
                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32 ref: 666B03A3
                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32 ref: 666B03AE
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1239891234-0
                                                                                                                                                                • Opcode ID: 7f827f5f2175393c44725c978d461e6ae7b58077890ace0ea4cdd88024c54cbe
                                                                                                                                                                • Instruction ID: b1806b9c5897befc56a226460e797f2fbb889ab0f1d3a09de19ccc10fce11b1e
                                                                                                                                                                • Opcode Fuzzy Hash: 7f827f5f2175393c44725c978d461e6ae7b58077890ace0ea4cdd88024c54cbe
                                                                                                                                                                • Instruction Fuzzy Hash: 83319E32614F81DADB20CF65F84079E7BA4F7897A8F500126EA9D43B58EF39C565CB40
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 66662064: GetLastError.KERNEL32(?,?,?,66665695,?,?,?,?,666A8D9D,?,?,?,6669F018), ref: 6666206E
                                                                                                                                                                  • Part of subcall function 66662064: FlsGetValue.KERNEL32(?,?,?,66665695,?,?,?,?,666A8D9D,?,?,?,6669F018), ref: 6666207C
                                                                                                                                                                  • Part of subcall function 66662064: FlsSetValue.KERNEL32(?,?,?,66665695,?,?,?,?,666A8D9D,?,?,?,6669F018), ref: 666620A8
                                                                                                                                                                  • Part of subcall function 66662064: GetCurrentThreadId.KERNEL32 ref: 666620BC
                                                                                                                                                                  • Part of subcall function 66662064: SetLastError.KERNEL32(?,?,?,66665695,?,?,?,?,666A8D9D,?,?,?,6669F018), ref: 666620D4
                                                                                                                                                                  • Part of subcall function 666A8B14: Sleep.KERNEL32(?,?,?,66662097,?,?,?,66665695,?,?,?,?,666A8D9D), ref: 666A8B59
                                                                                                                                                                • _errno.LIBCMT ref: 6667B51A
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 6667B525
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                 • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLastValue$CurrentSleepThread_errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID: ;$;$JanFebMarAprMayJunJulAugSepOctNovDec
                                                                                                                                                                • API String ID: 1962487656-1313005829
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,666454CC), ref: 666506E7
                                                                                                                                                                • CreateEventW.KERNEL32(?,?,?,?,?,?,?,666454CC), ref: 666507C2
                                                                                                                                                                • SetEvent.KERNEL32(?,?,?,?,?,?,?,666454CC), ref: 6665090F
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,666454CC), ref: 66650919
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,666454CC), ref: 66650944
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalEventSection$CloseCreateEnterHandleLeave
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4114679765-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Wcsftimefree$_errno
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 715148685-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,00000000,00000000,666B977F), ref: 666B9627
                                                                                                                                                                • GetLocaleInfoW.KERNEL32(?,?,?,?,?,?,?,00000000,00000000,666B977F), ref: 666B96B8
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00000000,00000000,666B977F), ref: 666B96F3
                                                                                                                                                                • free.LIBCMT ref: 666B9707
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InfoLocale$ByteCharMultiWidefree
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 40707599-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Virtual$AllocGuaranteeInfoProtectQueryStackSystemThread
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 513674450-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                • String ID: !$atan2
                                                                                                                                                                • API String ID: 1156100317-1378383358
                                                                                                                                                                • Opcode ID: 2fd911ebbdf64547b4619e911c41f7e0c1c2a871cfbabcca03319d0197585a9e
                                                                                                                                                                • Instruction ID: c6f09cacb08d7d390f294f79741cd235c4a583ca9c4407b10bdd2b17aff872a4
                                                                                                                                                                • Opcode Fuzzy Hash: 2fd911ebbdf64547b4619e911c41f7e0c1c2a871cfbabcca03319d0197585a9e
                                                                                                                                                                • Instruction Fuzzy Hash: CC02E522A25FC488D623CF35F4113AAA769FF967D4F00C317ED5A36B54DB7A98938600
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: CP+hp/n$HPkmpon
                                                                                                                                                                • API String ID: 0-2625979888
                                                                                                                                                                • Opcode ID: ad88c6559ae78cdeec84818aed12dbbd9f1c2546d3f0f0a64ac70f65d8baf7ae
                                                                                                                                                                • Instruction ID: d8d6436d9a77e773c8613e9ddde2adb92404a451508908ceff000309bed99372
                                                                                                                                                                • Opcode Fuzzy Hash: ad88c6559ae78cdeec84818aed12dbbd9f1c2546d3f0f0a64ac70f65d8baf7ae
                                                                                                                                                                • Instruction Fuzzy Hash: 3AA2B072A1DAC08BD7658B19F49079EBBA0F39638CF10421AE6DA87B58D73DC450CF42
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$LocalTime_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 250023431-0
                                                                                                                                                                • Opcode ID: 47517cb4b6b9fd46706fd8de66f3e9b76a6524a7fd9687decf9a78b4c219b1b5
                                                                                                                                                                • Instruction ID: 110aaa528fa224ab58b410143e733e4af58f14ef8660f56de916932f00a5a24b
                                                                                                                                                                • Opcode Fuzzy Hash: 47517cb4b6b9fd46706fd8de66f3e9b76a6524a7fd9687decf9a78b4c219b1b5
                                                                                                                                                                • Instruction Fuzzy Hash: 973128A672028583D714DF3AF442599BBA2FBB8744F88D121E785CBB58EB3CD420C751
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                • API String ID: 0-2761157908
                                                                                                                                                                • Opcode ID: 001d23b21209d1a38430a0bcb005c7aa395698389d40015e21c3e6732d6301b8
                                                                                                                                                                • Instruction ID: 283d5277fc8e11e0f066f22a7160b8567fb1a74737a55403c6d98e3bbf19fe48
                                                                                                                                                                • Opcode Fuzzy Hash: 001d23b21209d1a38430a0bcb005c7aa395698389d40015e21c3e6732d6301b8
                                                                                                                                                                • Instruction Fuzzy Hash: B052CF7BF28250CFE318CFB9E010BAD3BB2F795748B409419DE0567A68EB358525CB90
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                • JanFebMarAprMayJunJulAugSepOctNovDec, xrefs: 6667AFE1
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID: JanFebMarAprMayJunJulAugSepOctNovDec
                                                                                                                                                                • API String ID: 2959964966-2293443934
                                                                                                                                                                • Opcode ID: 0132dee6f95171efb05213b32c397d296929693bf348205aaef80d0d60df5990
                                                                                                                                                                • Instruction ID: 40cc74cb85f9b80ffeeecc7380067925852a63a2f482e831843e4a9b349fa119
                                                                                                                                                                • Opcode Fuzzy Hash: 0132dee6f95171efb05213b32c397d296929693bf348205aaef80d0d60df5990
                                                                                                                                                                • Instruction Fuzzy Hash: 6F7126B772025587C728DF28D851ADD3BA6FBA9702B81C13ADB40CB754F63AD501C742
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2959964966-0
                                                                                                                                                                • Opcode ID: 1bbd1c7a08354943a698f1b4bc856d099b8e1a06ac64b588f503dc77ffdb03d2
                                                                                                                                                                • Instruction ID: 62ac7e7399613c6146f3340bf0f048d772bd2989595d106ec8e9891b6ac63de3
                                                                                                                                                                • Opcode Fuzzy Hash: 1bbd1c7a08354943a698f1b4bc856d099b8e1a06ac64b588f503dc77ffdb03d2
                                                                                                                                                                • Instruction Fuzzy Hash: A5F10D72704AC6CBD76C8F68F09026A7761FB95B81F60822ACF9A87B54DB38C558C741
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2959964966-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _fileno.LIBCMT ref: 6666F48E
                                                                                                                                                                  • Part of subcall function 6666CCA8: _errno.LIBCMT ref: 6666CCB1
                                                                                                                                                                  • Part of subcall function 6666CCA8: _invalid_parameter_noinfo.LIBCMT ref: 6666CCBC
                                                                                                                                                                • ReadFile.KERNEL32 ref: 6666F57B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileRead_errno_fileno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1416837532-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2959964966-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _get_daylight.LIBCMT ref: 66679506
                                                                                                                                                                  • Part of subcall function 66678CA4: _errno.LIBCMT ref: 66678CAD
                                                                                                                                                                  • Part of subcall function 66678CA4: _invalid_parameter_noinfo.LIBCMT ref: 66678CB8
                                                                                                                                                                • _get_daylight.LIBCMT ref: 66679594
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _get_daylight$_errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3559991230-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _getptd.LIBCMT ref: 666BB707
                                                                                                                                                                  • Part of subcall function 666620F0: _amsg_exit.LIBCMT ref: 66662106
                                                                                                                                                                • GetLocaleInfoA.KERNEL32 ref: 666BB73C
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InfoLocale_amsg_exit_getptd
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 488165793-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _getptd.LIBCMT ref: 666B347E
                                                                                                                                                                  • Part of subcall function 666620F0: _amsg_exit.LIBCMT ref: 66662106
                                                                                                                                                                  • Part of subcall function 66676420: _errno.LIBCMT ref: 66676438
                                                                                                                                                                  • Part of subcall function 66676420: _invalid_parameter_noinfo.LIBCMT ref: 66676444
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _amsg_exit_errno_getptd_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1050512615-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • WaitForSingleObject.KERNEL32 ref: 6665B6FE
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ObjectSingleWait
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 24740636-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 66672844
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2050909247-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InfoLocale
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2299586839-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • EnumSystemLocalesA.KERNEL32 ref: 666BBCBC
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnumLocalesSystem
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2099609381-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CurrentProcess
                                                                                                                                                                • String ID: _.,
                                                                                                                                                                • API String ID: 2050909247-2709443920
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 7e02f915fb50ce6584a2c4f968aeb9387b937212602054af9806f07c59879c42
                                                                                                                                                                • Instruction ID: dae2df00bd0624fb1c1a3ae15b58d3ee94246ea13b80477df0a9028f7ba5fbc1
                                                                                                                                                                • Opcode Fuzzy Hash: 7e02f915fb50ce6584a2c4f968aeb9387b937212602054af9806f07c59879c42
                                                                                                                                                                • Instruction Fuzzy Hash: F7C1A3A3B11F8447CE05CF29F856369A3AAFB94BC4F419722EE4D67B58EB3DD0558200
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 7c34a4000ff72c20b0a155c36b8a94d67604884c1e2ec01271c3f0dbbb2a0378
                                                                                                                                                                • Instruction ID: 00b1b05a13a7d057136cb4b29d0d87b9b21e0dcc0eb84885b0753100f32ec835
                                                                                                                                                                • Opcode Fuzzy Hash: 7c34a4000ff72c20b0a155c36b8a94d67604884c1e2ec01271c3f0dbbb2a0378
                                                                                                                                                                • Instruction Fuzzy Hash: 2E919E73E18B94CAC761DF2AE480B4E77A1F389B88F55D215DE4947B18CB35C885CB01
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: c0988dc9ec7f6746332c8e90411b3f2b59a33995b1be5aa4fb2f01aa03ae90da
                                                                                                                                                                • Instruction ID: 7584383e43c1550f3d721d70d80f0ba791974868eccd0e2840aa43437284663a
                                                                                                                                                                • Opcode Fuzzy Hash: c0988dc9ec7f6746332c8e90411b3f2b59a33995b1be5aa4fb2f01aa03ae90da
                                                                                                                                                                • Instruction Fuzzy Hash: CE71F5B2B142548BDB14EF66E994A5DB7A1F758BC8F40D02ACF0A47B14DB3CD491CB81
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 251457e6dc742b6692e661dd0299740cce170cf9c8c5392eb46e5769a0ffff01
                                                                                                                                                                • Instruction ID: 79473c6569661bacbb69b46d06e7182359ec8eed43efa924fd4690e9a73d450b
                                                                                                                                                                • Opcode Fuzzy Hash: 251457e6dc742b6692e661dd0299740cce170cf9c8c5392eb46e5769a0ffff01
                                                                                                                                                                • Instruction Fuzzy Hash: 11714973A24B849BD358CF38E64975A7BA4F709B5CF048718DFA687A54D738E061CB01
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: a84a00940841a07d6a4f4d34eb23f93d9f0dcc6fe73abedee6fef420e945d121
                                                                                                                                                                • Instruction ID: 05017d164530442305fbdc36abcd0d95c2b3d5a8cb15a1791cc9eae56043bfc1
                                                                                                                                                                • Opcode Fuzzy Hash: a84a00940841a07d6a4f4d34eb23f93d9f0dcc6fe73abedee6fef420e945d121
                                                                                                                                                                • Instruction Fuzzy Hash: F451C2F7B206B88BD758CF1CE425F1976A9F354385B42D029EA4283F05EA37C850CB82
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: ce64fc359df73913f26ae63ae1bf4d85b1263f48baa987c415cafc07ae4bbde3
                                                                                                                                                                • Instruction ID: da7f6ebd753671dc96e91556224521149a6a3002c23f228f4b27133488989127
                                                                                                                                                                • Opcode Fuzzy Hash: ce64fc359df73913f26ae63ae1bf4d85b1263f48baa987c415cafc07ae4bbde3
                                                                                                                                                                • Instruction Fuzzy Hash: E25134B3B24A4882CF14CF16F8567AAB692F7947C9F00D235EE5E4BB48DA3CD544C240
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: a7d8c6f7bba168ffc0625198f47c5871dcf90bcb851dcec8fd7815c03af39325
                                                                                                                                                                • Instruction ID: e8e68519ee0365bf94d583213d743b1917e5be3df229ef8bbcf2ce924318f2ab
                                                                                                                                                                • Opcode Fuzzy Hash: a7d8c6f7bba168ffc0625198f47c5871dcf90bcb851dcec8fd7815c03af39325
                                                                                                                                                                • Instruction Fuzzy Hash: 2A316393D45BDC4C9E258D3CE5543B86E40EB22BA9F60A390DDB7A73E7E60A6147C201
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: free$ErrorLanguagesLastPreferredRestoreThread_errno
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3144437221-0
                                                                                                                                                                • Opcode ID: 505d13f523c9ea4e0e3c2904ec5059d1095d35294d476687a0d7990f66defb9e
                                                                                                                                                                • Instruction ID: dfdba8929a0f9a5c2d3e77c51327a78917a5761e434406bd487d4e7ab0250da7
                                                                                                                                                                • Opcode Fuzzy Hash: 505d13f523c9ea4e0e3c2904ec5059d1095d35294d476687a0d7990f66defb9e
                                                                                                                                                                • Instruction Fuzzy Hash: 31815422251A84A5DA45BB31EC942AC3B21EFE6F88F8441378A5DBB534CF31CC65C35C
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • DName::DName.LIBCMT ref: 666A4D00
                                                                                                                                                                  • Part of subcall function 666A3190: DName::doPchar.LIBCMT ref: 666A31C9
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A4D15
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A50B9
                                                                                                                                                                • UnDecorator::getSignedDimension.LIBCMT ref: 666A50C2
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A50D5
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A50E2
                                                                                                                                                                • UnDecorator::getSignedDimension.LIBCMT ref: 666A50EB
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A50FE
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A510B
                                                                                                                                                                • UnDecorator::getSignedDimension.LIBCMT ref: 666A5114
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A5127
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A5134
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A5152
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A515F
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A5171
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A5195
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A51AB
                                                                                                                                                                • DName::operator=.LIBCMT ref: 666A51EC
                                                                                                                                                                  • Part of subcall function 666A4C50: UnDecorator::getZName.LIBCMT ref: 666A4DC8
                                                                                                                                                                  • Part of subcall function 666A4C50: DName::DName.LIBCMT ref: 666A4DEE
                                                                                                                                                                  • Part of subcall function 666A4C50: DName::operator+=.LIBCMT ref: 666A4E03
                                                                                                                                                                  • Part of subcall function 666A4C50: DName::operator+=.LIBCMT ref: 666A4E1D
                                                                                                                                                                • DName::DName.LIBCMT ref: 666A52A8
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A52C9
                                                                                                                                                                • UnDecorator::getSymbolName.LIBCMT ref: 666A52EA
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A52F6
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A5306
                                                                                                                                                                • DName::operator=.LIBCMT ref: 666A4CE5
                                                                                                                                                                  • Part of subcall function 666A3464: DName::doPchar.LIBCMT ref: 666A3493
                                                                                                                                                                • DName::DName.LIBCMT ref: 666A4D44
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A4D58
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A4D65
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A4D83
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A4D8E
                                                                                                                                                                • DName::DName.LIBCMT ref: 666A4EDF
                                                                                                                                                                • DName::DName.LIBCMT ref: 666A4F24
                                                                                                                                                                • DName::operator=.LIBCMT ref: 666A4FD9
                                                                                                                                                                • DNameStatusNode::make.LIBCMT ref: 666A5006
                                                                                                                                                                • DName::append.LIBCMT ref: 666A5011
                                                                                                                                                                • DName::operator=.LIBCMT ref: 666A5020
                                                                                                                                                                • DName::operator=.LIBCMT ref: 666A504E
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A508D
                                                                                                                                                                • DName::operator=.LIBCMT ref: 666A5367
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Name::operator+=$Name$Name::Name::operator=$Decorator::get$DimensionSigned$Name::doPchar$Name::appendNode::makeStatusSymbol
                                                                                                                                                                • String ID: `anonymous namespace'$`string'$operator
                                                                                                                                                                • API String ID: 3844726095-815891235
                                                                                                                                                                • Opcode ID: f7f6d9503c6a2e68d72c767ceef4b4d09fb59d8b9bfb16006f50a5d8c58525ca
                                                                                                                                                                • Instruction ID: bc518f6cac1cd6cb1aa0e60b4120de09875bb34afc8010db23d929b00a479bf8
                                                                                                                                                                • Opcode Fuzzy Hash: f7f6d9503c6a2e68d72c767ceef4b4d09fb59d8b9bfb16006f50a5d8c58525ca
                                                                                                                                                                • Instruction Fuzzy Hash: CE129132F08B9195EB01CF74F8903EC7B72AB55B4CF545116CA4966A18EF66CDA9C380
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Name::operator+=$Name::operator=$NameName::$DataDecorator::getType
                                                                                                                                                                • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $bool$char$const$double$float$int$long$long $short$signed $unsigned $void$volatile$wchar_t
                                                                                                                                                                • API String ID: 849544831-2219450993
                                                                                                                                                                • Opcode ID: b4e92085fc986e08ec97c6fd0d7195b3c643c8017fe1d1c26b0f417a68648c66
                                                                                                                                                                • Instruction ID: 12ae32191bfaa734a63f3d44e3d7b003e8a38b26e0a85c9d87728920db36a718
                                                                                                                                                                • Opcode Fuzzy Hash: b4e92085fc986e08ec97c6fd0d7195b3c643c8017fe1d1c26b0f417a68648c66
                                                                                                                                                                • Instruction Fuzzy Hash: 0EB1B661A04BD5F4FB008FA8FC803EC3732FB16398F94511ADA58966B5DB69CD95C340
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • UnDecorator::getSignedDimension.LIBCMT ref: 666A45D2
                                                                                                                                                                • DName::DName.LIBCMT ref: 666A4643
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A4658
                                                                                                                                                                • DName::DName.LIBCMT ref: 666A4791
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A47A7
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A47BE
                                                                                                                                                                • DName::DName.LIBCMT ref: 666A47D8
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A47FB
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A4807
                                                                                                                                                                • UnDecorator::getSignedDimension.LIBCMT ref: 666A4826
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A4833
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A483F
                                                                                                                                                                • UnDecorator::getSignedDimension.LIBCMT ref: 666A45DB
                                                                                                                                                                  • Part of subcall function 666A44D8: DName::DName.LIBCMT ref: 666A4525
                                                                                                                                                                  • Part of subcall function 666A44D8: DName::operator+=.LIBCMT ref: 666A4537
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A466D
                                                                                                                                                                • DName::DName.LIBCMT ref: 666A4690
                                                                                                                                                                • DName::DName.LIBCMT ref: 666A46B2
                                                                                                                                                                • UnDecorator::getSignedDimension.LIBCMT ref: 666A46C6
                                                                                                                                                                • UnDecorator::getZName.LIBCMT ref: 666A471B
                                                                                                                                                                • UnDecorator::getSignedDimension.LIBCMT ref: 666A4725
                                                                                                                                                                • UnDecorator::getSignedDimension.LIBCMT ref: 666A473C
                                                                                                                                                                • UnDecorator::getSignedDimension.LIBCMT ref: 666A4848
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A4855
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A4861
                                                                                                                                                                • UnDecorator::getSignedDimension.LIBCMT ref: 666A486A
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A4877
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A488A
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Name::operator+=$Decorator::get$DimensionSigned$Name$Name::
                                                                                                                                                                • String ID: NULL$`non-type-template-parameter$`template-parameter
                                                                                                                                                                • API String ID: 2293539798-3328097798
                                                                                                                                                                • Opcode ID: 8895d8ae9780ab67aadf26afb0ecb834a53a67307c90ead5c4b1640e2b96f611
                                                                                                                                                                • Instruction ID: 683ddee04c8bb7802fb765aa8ca4162d3db2024a38af51c2441363f066db77c6
                                                                                                                                                                • Opcode Fuzzy Hash: 8895d8ae9780ab67aadf26afb0ecb834a53a67307c90ead5c4b1640e2b96f611
                                                                                                                                                                • Instruction Fuzzy Hash: 0681FE62A18B81A5EB10CF65FC803AC7B61F79A748F805112DA8D57B54DFAACE58C780
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Name::operator+=$Name$Name::$Node::makeStatus$Name::appendName::operator=$Name::doPchar
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4027959325-0
                                                                                                                                                                • Opcode ID: 0d350c9a09242a76a94e4a15cd5d7deecebbd2fe6fcc81cf144cbaa2259124b4
                                                                                                                                                                • Instruction ID: 4455246ea962d3946a53351a123e6f19367f56ec958c4fe5035c3ac610aee509
                                                                                                                                                                • Opcode Fuzzy Hash: 0d350c9a09242a76a94e4a15cd5d7deecebbd2fe6fcc81cf144cbaa2259124b4
                                                                                                                                                                • Instruction Fuzzy Hash: 8D815B22E10BA598F700CBB4EC841EC7B32BB6974CF445215DE89B6A59EF749D95C380
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryW.KERNEL32(?,6669F215,?,?,?,6664115E), ref: 666B1495
                                                                                                                                                                • GetProcAddress.KERNEL32(?,6669F215,?,?,?,6664115E), ref: 666B14B1
                                                                                                                                                                • EncodePointer.KERNEL32(?,6669F215,?,?,?,6664115E), ref: 666B14C3
                                                                                                                                                                • GetProcAddress.KERNEL32(?,6669F215,?,?,?,6664115E), ref: 666B14DA
                                                                                                                                                                • EncodePointer.KERNEL32(?,6669F215,?,?,?,6664115E), ref: 666B14E3
                                                                                                                                                                • GetProcAddress.KERNEL32(?,6669F215,?,?,?,6664115E), ref: 666B14FA
                                                                                                                                                                • EncodePointer.KERNEL32(?,6669F215,?,?,?,6664115E), ref: 666B1503
                                                                                                                                                                • GetProcAddress.KERNEL32(?,6669F215,?,?,?,6664115E), ref: 666B151A
                                                                                                                                                                • EncodePointer.KERNEL32(?,6669F215,?,?,?,6664115E), ref: 666B1523
                                                                                                                                                                • GetProcAddress.KERNEL32(?,6669F215,?,?,?,6664115E), ref: 666B1542
                                                                                                                                                                • EncodePointer.KERNEL32(?,6669F215,?,?,?,6664115E), ref: 666B154B
                                                                                                                                                                • DecodePointer.KERNEL32(?,6669F215,?,?,?,6664115E), ref: 666B157E
                                                                                                                                                                • DecodePointer.KERNEL32(?,6669F215,?,?,?,6664115E), ref: 666B158E
                                                                                                                                                                • DecodePointer.KERNEL32(?,6669F215,?,?,?,6664115E), ref: 666B15E4
                                                                                                                                                                • DecodePointer.KERNEL32(?,6669F215,?,?,?,6664115E), ref: 666B1605
                                                                                                                                                                • DecodePointer.KERNEL32(?,6669F215,?,?,?,6664115E), ref: 666B161F
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Pointer$AddressDecodeEncodeProc$LibraryLoad
                                                                                                                                                                • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationW$MessageBoxW$USER32.DLL
                                                                                                                                                                • API String ID: 2643518689-564504941
                                                                                                                                                                • Opcode ID: 81cd7c73098148d8932ef771a249fe1c63b7a4110763cea09cd36e985f08efe0
                                                                                                                                                                • Instruction ID: e8cef7af578489388a7815285bd6efcbcd3ad54a68eb9db81711a705a277cd8e
                                                                                                                                                                • Opcode Fuzzy Hash: 81cd7c73098148d8932ef771a249fe1c63b7a4110763cea09cd36e985f08efe0
                                                                                                                                                                • Instruction Fuzzy Hash: 48511776702B51A1EE05EB97F854764A3A2AF89BC1F48002AEC1E43724EF7BC476C340
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Pointer$AddressDecodeEncodeProc$LibraryLoad
                                                                                                                                                                • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL
                                                                                                                                                                • API String ID: 2643518689-232180764
                                                                                                                                                                • Opcode ID: 7009a1729d97c3db45bb440790b2341cd14748860d85505e28a916aef37a55b2
                                                                                                                                                                • Instruction ID: e531ad42312f70e31da6c3cbd72bee48a4672e24c97809cf048a91e176966426
                                                                                                                                                                • Opcode Fuzzy Hash: 7009a1729d97c3db45bb440790b2341cd14748860d85505e28a916aef37a55b2
                                                                                                                                                                • Instruction Fuzzy Hash: B7512820B12B4191FE05DBAAFC5472463A2AF4ABD1F081029EC5E97B24EF7BC275C340
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __doserrno_errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2315031519-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __doserrno_errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2315031519-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __doserrno_errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2315031519-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast_errno_invalid_parameter_noinfo$AddressDecodeLibraryLoadPointerProc
                                                                                                                                                                • String ID: ADVAPI32.DLL$SystemFunction036
                                                                                                                                                                • API String ID: 3960458323-1064046199
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$FullNamePath__doserrno_getdrive_invalid_parameter_noinfo
                                                                                                                                                                • String ID: .$.
                                                                                                                                                                • API String ID: 2522281643-3769392785
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A427F
                                                                                                                                                                  • Part of subcall function 666A35AC: DName::doPchar.LIBCMT ref: 666A35EA
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A4294
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A42C5
                                                                                                                                                                  • Part of subcall function 666A3638: DName::operator=.LIBCMT ref: 666A3663
                                                                                                                                                                • DName::DName.LIBCMT ref: 666A42F7
                                                                                                                                                                  • Part of subcall function 666A3150: DName::doPchar.LIBCMT ref: 666A317A
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A430B
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A431F
                                                                                                                                                                  • Part of subcall function 666A35AC: DName::append.LIBCMT ref: 666A361D
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A432B
                                                                                                                                                                  • Part of subcall function 666A341C: DName::append.LIBCMT ref: 666A344E
                                                                                                                                                                • DNameStatusNode::make.LIBCMT ref: 666A4373
                                                                                                                                                                • DName::append.LIBCMT ref: 666A437E
                                                                                                                                                                • DName::operator=.LIBCMT ref: 666A438D
                                                                                                                                                                  • Part of subcall function 666A6B64: DName::DName.LIBCMT ref: 666A6BE4
                                                                                                                                                                  • Part of subcall function 666A6B64: DName::operator+=.LIBCMT ref: 666A6BF8
                                                                                                                                                                  • Part of subcall function 666A6B64: DName::DName.LIBCMT ref: 666A6C13
                                                                                                                                                                  • Part of subcall function 666A6B64: DName::operator+=.LIBCMT ref: 666A6C29
                                                                                                                                                                  • Part of subcall function 666A6B64: DName::DName.LIBCMT ref: 666A6C96
                                                                                                                                                                  • Part of subcall function 666A6B64: DName::operator+=.LIBCMT ref: 666A6CAE
                                                                                                                                                                  • Part of subcall function 666A6B64: DName::operator+=.LIBCMT ref: 666A6CC4
                                                                                                                                                                  • Part of subcall function 666A6B64: DName::operator+=.LIBCMT ref: 666A6CDA
                                                                                                                                                                  • Part of subcall function 666A6B64: UnDecorator::getZName.LIBCMT ref: 666A6CF8
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A4397
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A43D7
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Name::operator+=$Name$Name::$Name::append$Name::doName::operator=Pchar$Decorator::getNode::makeStatus
                                                                                                                                                                • String ID: {for
                                                                                                                                                                • API String ID: 2672197563-864106941
                                                                                                                                                                • Opcode ID: 336f218feb97554d4b34c35cb12c1e2588c7fd09c7dd9a529c56571919661023
                                                                                                                                                                • Instruction ID: b46c32b0572e0847c6980f001df9a1c4127d0d3ec896d773ff07f3404eba853c
                                                                                                                                                                • Opcode Fuzzy Hash: 336f218feb97554d4b34c35cb12c1e2588c7fd09c7dd9a529c56571919661023
                                                                                                                                                                • Instruction Fuzzy Hash: E051DD62E14B84A8FB028B66EC803EC3B71B759748F548115DF8822BA5CFBECD95C354
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                • [%d:%d:%d:%d(%d)] %S: !!!!!!!Assert Failed(%S: %d), xrefs: 6665E04C
                                                                                                                                                                • [%d] %S: !!!!!!!Assert Failed(%S: %d), xrefs: 6665E07C
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Debug$BreakCurrentThreadValueswprintf$OutputStringfflushfwprintf
                                                                                                                                                                • String ID: [%d:%d:%d:%d(%d)] %S: !!!!!!!Assert Failed(%S: %d)$[%d] %S: !!!!!!!Assert Failed(%S: %d)
                                                                                                                                                                • API String ID: 2283501107-813932914
                                                                                                                                                                • Opcode ID: 5d371ec26b70e0a2d514147bb65014d8fe0dd72756ede78e45ded96c05ba8c4a
                                                                                                                                                                • Instruction ID: 2dabd01f6777e877089544be5fb2b61a99bfaf519a0fe348aeef71a3c8e751bb
                                                                                                                                                                • Opcode Fuzzy Hash: 5d371ec26b70e0a2d514147bb65014d8fe0dd72756ede78e45ded96c05ba8c4a
                                                                                                                                                                • Instruction Fuzzy Hash: 4E417E76204B8096EB109F62FC5035A7B62FB88B98F454125FE5943B68DF3AC4A5CB84
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __doserrno_errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3902385426-0
                                                                                                                                                                • Opcode ID: a1d4d399a98053759bac8ca5dd7bc528b66e30614e0d423699d1b14415df85f2
                                                                                                                                                                • Instruction ID: 36567ef6b1d91533db6002c3c212f7cc82165c19380cae2285fc98760a248098
                                                                                                                                                                • Opcode Fuzzy Hash: a1d4d399a98053759bac8ca5dd7bc528b66e30614e0d423699d1b14415df85f2
                                                                                                                                                                • Instruction Fuzzy Hash: 4171E273628BC482DB418F2AF85075EBF62F781B98F444216EE8A477A4CF79C855C741
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000010,6664922C), ref: 66649682
                                                                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000010,6664922C), ref: 666496E0
                                                                                                                                                                • TlsAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000010,6664922C), ref: 666496E7
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000010,6664922C), ref: 666496F5
                                                                                                                                                                  • Part of subcall function 666440A8: std::exception::exception.LIBCMT ref: 666440C8
                                                                                                                                                                  • Part of subcall function 666A1470: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,666A8E5E), ref: 666A14EB
                                                                                                                                                                • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000010,6664922C), ref: 6664972C
                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000010,6664922C), ref: 6664973C
                                                                                                                                                                • VirtualAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000010,6664922C), ref: 66649779
                                                                                                                                                                • CreateEventW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000010,6664922C), ref: 666497E6
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocCountCriticalInitializeSectionSpin$AddressCreateErrorEventExceptionHandleLastModuleProcRaiseVirtualstd::exception::exception
                                                                                                                                                                • String ID: FlushProcessWriteBuffers$bad allocation$kernel32.dll
                                                                                                                                                                • API String ID: 427061777-103648123
                                                                                                                                                                • Opcode ID: 8de592576e202f15f1ae4f0244687eea5953383bffe01723ecf52d645c2ede7b
                                                                                                                                                                • Instruction ID: 0965028a68a4927072786497652f3fec756fd3d39e7f4b55d3f48d5d707448e0
                                                                                                                                                                • Opcode Fuzzy Hash: 8de592576e202f15f1ae4f0244687eea5953383bffe01723ecf52d645c2ede7b
                                                                                                                                                                • Instruction Fuzzy Hash: AB516D32314B5096E704DF24F95034977A9FB48B98F50821AEBA943BA4DF3AD476C740
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CurrentDirectory$EnvironmentVariable__doserrno_errno_invalid_parameter_noinfofree
                                                                                                                                                                • String ID: :$=
                                                                                                                                                                • API String ID: 1545685631-2134709475
                                                                                                                                                                • Opcode ID: 44a89d68b534f21bb6f40929e39f8b706a16a2a75922223f5879d521b5c876ac
                                                                                                                                                                • Instruction ID: 832bc1764515989638e31ff6ba341b93bb15de52fe9200adccd3c378973ebf28
                                                                                                                                                                • Opcode Fuzzy Hash: 44a89d68b534f21bb6f40929e39f8b706a16a2a75922223f5879d521b5c876ac
                                                                                                                                                                • Instruction Fuzzy Hash: 9E310072704BC086EB219B67FC0939A7B62BB89B84F440124DA9A87356DF7DC401CB52
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandleProcess__doserrno_errno$CodeCreateErrorExitLastObjectSingleWait_invalid_parameter_noinfofree
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2975444996-0
                                                                                                                                                                • Opcode ID: c2176cff9fdb3fe0df550aab2591a6eb301f83e003ddebd927a61c70f3a81d3b
                                                                                                                                                                • Instruction ID: c4c6af5a30c5e9eaab55fbcef1b9c0f106a131c74818fc38a551a5c65e074964
                                                                                                                                                                • Opcode Fuzzy Hash: c2176cff9fdb3fe0df550aab2591a6eb301f83e003ddebd927a61c70f3a81d3b
                                                                                                                                                                • Instruction Fuzzy Hash: EC7134B2B10B40D6EB108F6AF58039D7B71F7957A9F408216DE2987790DB3AC465C342
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                 • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                 • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandleProcess__doserrno_errno$CodeCreateErrorExitLastObjectSingleWait_invalid_parameter_noinfofree
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2975444996-0
                                                                                                                                                                • Opcode ID: 1ecd13ea90b60f1a334568a096d3fbb2bee71e72e1ec16fb5ee865d8c8581f2e
                                                                                                                                                                • Instruction ID: 9fe340600011fc68617c81a6cb30b001879d7b454c96daf67d869a20341adac2
                                                                                                                                                                • Opcode Fuzzy Hash: 1ecd13ea90b60f1a334568a096d3fbb2bee71e72e1ec16fb5ee865d8c8581f2e
                                                                                                                                                                • Instruction Fuzzy Hash: 0B61CB72B14B818AEB118FAAF48039D3B65F785B9CF414316CE2E87794DB7AC416C342
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _fileno$_errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 482796045-0
                                                                                                                                                                • Opcode ID: 9788eda952c544b8d65c02f392ab354ef343216714b2924e52f7ec3e380b7918
                                                                                                                                                                • Instruction ID: dfe04dea1af450e6259a57111c092461c7422940e9320b3a0c01b8f7161fe0e5
                                                                                                                                                                • Opcode Fuzzy Hash: 9788eda952c544b8d65c02f392ab354ef343216714b2924e52f7ec3e380b7918
                                                                                                                                                                • Instruction Fuzzy Hash: 5151D822214A8186DB149F37F99027D7B51FB82BA8B645316EB7BC76D0CF28C462C346
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo$_cftoa_cftof_l_fltout2_getptd
                                                                                                                                                                • String ID: 0
                                                                                                                                                                • API String ID: 717960106-4108050209
                                                                                                                                                                • Opcode ID: 28d7dcd561e1d63a5e60ce5312bf22c63142594753be77560865791ce0c4e988
                                                                                                                                                                • Instruction ID: bcf995acd616e84b773c5f21b2ef9dc9cef7cb7e67c25fd789eedb1fd5318a6d
                                                                                                                                                                • Opcode Fuzzy Hash: 28d7dcd561e1d63a5e60ce5312bf22c63142594753be77560865791ce0c4e988
                                                                                                                                                                • Instruction Fuzzy Hash: 52414533B186C589FB218F75F8503EC3F61A756BACF088211CA694B755DB39841EC356
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _getptd$CreateFrameInfo_amsg_exit
                                                                                                                                                                • String ID: csm
                                                                                                                                                                • API String ID: 2825728721-1018135373
                                                                                                                                                                • Opcode ID: 60cd92b7af43c721de4dd92aaf84d0dadcfc578e7d11e6112f11fc6b30265a88
                                                                                                                                                                • Instruction ID: d4be24112dc1b02cd6f8c25c98733f8747038dcc14daa34943d8ee2a43964db4
                                                                                                                                                                • Opcode Fuzzy Hash: 60cd92b7af43c721de4dd92aaf84d0dadcfc578e7d11e6112f11fc6b30265a88
                                                                                                                                                                • Instruction Fuzzy Hash: C3415936208B81D2C6208F16F9503AFBBA9F788BA9F014225DF9D47B54DF39C4A5C785
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CurrentDirectory$EnvironmentVariable__doserrno_errno_invalid_parameter_noinfofree
                                                                                                                                                                • String ID: :
                                                                                                                                                                • API String ID: 1545685631-336475711
                                                                                                                                                                • Opcode ID: 170bd1df2704868e60b7afac739a70513667cb60ab23afed2504d1a73c378c74
                                                                                                                                                                • Instruction ID: 5522447864cd88359ff25d28916bb9c28f837dab16915e225e23682f551789a1
                                                                                                                                                                • Opcode Fuzzy Hash: 170bd1df2704868e60b7afac739a70513667cb60ab23afed2504d1a73c378c74
                                                                                                                                                                • Instruction Fuzzy Hash: AA313732710B4082EB209F22F84835A7F65FB88B94F940135DE9987748EFBDD455C716
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: free$_errno$EnvironmentVariable__wtomb_environ_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 101574016-0
                                                                                                                                                                • Opcode ID: b512e1aa1f5bbb9ab49b3ac9b9e7ffe6245f63a1349afe90ea3e900f8d7d91ac
                                                                                                                                                                • Instruction ID: 4b85855399d003b67c9631442c714f77fd6e5fbb8a20d44eeca0507d76caddbc
                                                                                                                                                                • Opcode Fuzzy Hash: b512e1aa1f5bbb9ab49b3ac9b9e7ffe6245f63a1349afe90ea3e900f8d7d91ac
                                                                                                                                                                • Instruction Fuzzy Hash: 2491E532B06B40C5EA05DB25F91036A7FA6FB41BD8F4486299E6B4B754EF39CA71C304
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$FullNamePathfree$ErrorLast_invalid_parameter_noinfocalloc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3219262609-0
                                                                                                                                                                • Opcode ID: 5e983dd921cd492e86ce43109c0ed27262e0575fcc214e26d7ccbc4d0291a180
                                                                                                                                                                • Instruction ID: 26b38c7320a78d4d56b4d576feea8f023928573324b74bdb453295aa82a9c0af
                                                                                                                                                                • Opcode Fuzzy Hash: 5e983dd921cd492e86ce43109c0ed27262e0575fcc214e26d7ccbc4d0291a180
                                                                                                                                                                • Instruction Fuzzy Hash: 4621217170878089FA05AB6BF9103492E619BA6BE4F1486308E26CBB95EF38D450C74B
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • DName::operator=.LIBCMT ref: 666A853C
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A854D
                                                                                                                                                                • DName::DName.LIBCMT ref: 666A85FF
                                                                                                                                                                  • Part of subcall function 666A8098: DName::operator=.LIBCMT ref: 666A811F
                                                                                                                                                                  • Part of subcall function 666A8098: DName::DName.LIBCMT ref: 666A83DB
                                                                                                                                                                  • Part of subcall function 666A8098: DName::operator+=.LIBCMT ref: 666A83F0
                                                                                                                                                                  • Part of subcall function 666A8098: DName::DName.LIBCMT ref: 666A840E
                                                                                                                                                                  • Part of subcall function 666A8098: DName::operator+=.LIBCMT ref: 666A8422
                                                                                                                                                                  • Part of subcall function 666A8098: DName::operator+=.LIBCMT ref: 666A842F
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A86CF
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Name::operator+=$NameName::$Name::operator=
                                                                                                                                                                • String ID: std::nullptr_t$volatile
                                                                                                                                                                • API String ID: 3368348380-3726895890
                                                                                                                                                                • Opcode ID: be69e9e6b9465d7cda11242cf661ec527dfce4e95393f676544e86e3864019ea
                                                                                                                                                                • Instruction ID: 21dd0a2ca4c1b6fbc5035a1efccf20478c552f231d12fbe5f3c32f4bbe492222
                                                                                                                                                                • Opcode Fuzzy Hash: be69e9e6b9465d7cda11242cf661ec527dfce4e95393f676544e86e3864019ea
                                                                                                                                                                • Instruction Fuzzy Hash: 1C51D232A24BD4A4FB01CF66FC403A87B72F765788F549119EA5A16B79DB3ACC64C340
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _getptd$CreateFrameInfo
                                                                                                                                                                • String ID: csm
                                                                                                                                                                • API String ID: 4181383844-1018135373
                                                                                                                                                                • Opcode ID: 705fd13e4316dcf2e86341cab554175d3ba05b221e918960e5e0011c1c0f6158
                                                                                                                                                                • Instruction ID: d06ac47a57402aadd227788d3c0cb405fa37065825069741d04d4be12f02f91f
                                                                                                                                                                • Opcode Fuzzy Hash: 705fd13e4316dcf2e86341cab554175d3ba05b221e918960e5e0011c1c0f6158
                                                                                                                                                                • Instruction Fuzzy Hash: 5811893255874286CB248F22F0603693B78F7C5BBAF1A4334DEB442685CB71C090C28A
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,666B4842), ref: 666B4583
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,666B4842), ref: 666B4602
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,666B4842), ref: 666B46A9
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,666B4842), ref: 666B46CF
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharMultiWide$Info
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1775632426-0
                                                                                                                                                                • Opcode ID: a027196a30ca5862383b9e46595489b1d604373000ed37fa9ba8da8bed10e66f
                                                                                                                                                                • Instruction ID: 66457f3b9881fce1bfc628c5e7b98e38170b096bea53ac20f27fc3df49b48184
                                                                                                                                                                • Opcode Fuzzy Hash: a027196a30ca5862383b9e46595489b1d604373000ed37fa9ba8da8bed10e66f
                                                                                                                                                                • Instruction Fuzzy Hash: 08912773B04B80CAEB118F25F45039A7B92F782BA4F454626EA695778CEBF4C475C344
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$wcsnlen$String_invalid_parameter_noinfofreemalloc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3615538802-0
                                                                                                                                                                • Opcode ID: 772df8c94c0eec54ee27d8682ed400829b20ce3e3bedd445c61022cf672ad9fa
                                                                                                                                                                • Instruction ID: 243c3859d668321e4174718d2f029f8287b9c5c41db3a45d5f11bbd2f4d71ec6
                                                                                                                                                                • Opcode Fuzzy Hash: 772df8c94c0eec54ee27d8682ed400829b20ce3e3bedd445c61022cf672ad9fa
                                                                                                                                                                • Instruction Fuzzy Hash: 2941F372710782AAEB148F26F95028D3F65FB45BE8F404321EE2B5BB99DB38C451C356
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$wcsnlen$String_invalid_parameter_noinfofreemalloc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3615538802-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _errno.LIBCMT ref: 66680EF7
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 66680F03
                                                                                                                                                                • _errno.LIBCMT ref: 66680F4D
                                                                                                                                                                • _errno.LIBCMT ref: 66680F58
                                                                                                                                                                • _errno.LIBCMT ref: 66680F8A
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 66680F94
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,6668108B), ref: 66681006
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,6668108B), ref: 66681023
                                                                                                                                                                • _errno.LIBCMT ref: 66681049
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 66681055
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo$ByteCharErrorLastMultiWide
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2295021086-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$CurrentThread_invalid_parameter_noinfowcsnlen
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3453424779-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _lseek_nolock$__doserrno_errno
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3876669530-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 666437B9
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 66643812
                                                                                                                                                                  • Part of subcall function 666431F4: CreateTimerQueue.KERNEL32(666411BA), ref: 66643217
                                                                                                                                                                • CreateTimerQueueTimer.KERNEL32 ref: 666439F4
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 66643759
                                                                                                                                                                  • Part of subcall function 666A1470: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,666A8E5E), ref: 666A14EB
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Timerstd::exception::exception$CreateQueue$ExceptionRaise
                                                                                                                                                                • String ID: $bad allocation$eief$pEvents
                                                                                                                                                                • API String ID: 653127754-1454568727
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,00000001,6664996F), ref: 666493A1
                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,00000001,6664996F), ref: 666493B1
                                                                                                                                                                • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,00000001,6664996F), ref: 666493C1
                                                                                                                                                                • GetProcAddress.KERNEL32(?,?,?,?,?,?,00000001,6664996F), ref: 666493D1
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,00000001,6664996F), ref: 66649405
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressHandleModuleProc$ErrorLast
                                                                                                                                                                • String ID: GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
                                                                                                                                                                • API String ID: 798792539-3636059452
                                                                                                                                                                • Opcode ID: 219a88ddd12c460c98a3bd43fd138103a81c988a586b077b2f00d2b6b569dafd
                                                                                                                                                                • Instruction ID: 2479dfebe370505cc7772ef3cae4090a7beecd75d5ca587a82f8ee00502b91e6
                                                                                                                                                                • Opcode Fuzzy Hash: 219a88ddd12c460c98a3bd43fd138103a81c988a586b077b2f00d2b6b569dafd
                                                                                                                                                                • Instruction Fuzzy Hash: 7D318771714A4296EB00EB22FD4035573B3FB503D8F408269E86A867A4EF7FC525CB40
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 666A8DBC: malloc.LIBCMT ref: 666A8DD6
                                                                                                                                                                • InitializeSListHead.KERNEL32(?,?,?,?,?,?,00000001,00000000,?,6664F78B,?,?,?,?,?,?), ref: 6664F084
                                                                                                                                                                • InitializeSListHead.KERNEL32(?,?,?,?,?,?,00000001,00000000,?,6664F78B,?,?,?,?,?,?), ref: 6664F08E
                                                                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,?,?,?,00000001,00000000,?,6664F78B,?,?,?,?,?,?), ref: 6664F0C0
                                                                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,?,?,?,00000001,00000000,?,6664F78B,?,?,?,?,?,?), ref: 6664F170
                                                                                                                                                                • InitializeSListHead.KERNEL32(?,?,?,?,?,?,00000001,00000000,?,6664F78B,?,?,?,?,?,?), ref: 6664F193
                                                                                                                                                                • InitializeSListHead.KERNEL32(?,?,?,?,?,?,00000001,00000000,?,6664F78B,?,?,?,?,?,?), ref: 6664F1A0
                                                                                                                                                                • InitializeSListHead.KERNEL32(?,?,?,?,?,?,00000001,00000000,?,6664F78B,?,?,?,?,?,?), ref: 6664F1AD
                                                                                                                                                                • TlsAlloc.KERNEL32(?,?,?,?,?,?,00000001,00000000,?,6664F78B,?,?,?,?,?,?), ref: 6664F21D
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,00000001,00000000,?,6664F78B,?,?,?,?,?,?), ref: 6664F22A
                                                                                                                                                                  • Part of subcall function 666440A8: std::exception::exception.LIBCMT ref: 666440C8
                                                                                                                                                                  • Part of subcall function 666A1470: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,666A8E5E), ref: 666A14EB
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Initialize$HeadList$CountCriticalSectionSpin$AllocErrorExceptionLastRaisemallocstd::exception::exception
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2957020575-0
                                                                                                                                                                • Opcode ID: 323747e53cb0badc4ee06aa455cf67eb99eeb6a393f9b3718b8996c471ec25ee
                                                                                                                                                                • Instruction ID: 85b2c652fafcc9e597729844df3108363a669e32c1181bab4f03fa42e4a42050
                                                                                                                                                                • Opcode Fuzzy Hash: 323747e53cb0badc4ee06aa455cf67eb99eeb6a393f9b3718b8996c471ec25ee
                                                                                                                                                                • Instruction Fuzzy Hash: 14812472300B80ABD75CDF61EA5878DBBA9F789784F408229CBA943360DF76A574C744
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfofreemalloc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3646291181-0
                                                                                                                                                                • Opcode ID: a7907dd6e15548a6c75a9c1013dd91d495328774bc71f861e5a850da03b5f7be
                                                                                                                                                                • Instruction ID: 242104fd7bfca9f90783788c330f51543db3bcd01bff309dbb19c4ea130ec37e
                                                                                                                                                                • Opcode Fuzzy Hash: a7907dd6e15548a6c75a9c1013dd91d495328774bc71f861e5a850da03b5f7be
                                                                                                                                                                • Instruction Fuzzy Hash: 165137727007828AEB008F26F88034F3FA0F745BA8F448711EE698BB89DB38D451C756
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfofreemalloc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3646291181-0
                                                                                                                                                                • Opcode ID: 771ea60e485c5e3ccdacceed66d3edfe2c3ca1eb6430ddbb8925c1e26de460ef
                                                                                                                                                                • Instruction ID: 5644da6259e4ad5d78ecb04e34baac1659ffa20fb8f885259f61180eac29bbe7
                                                                                                                                                                • Opcode Fuzzy Hash: 771ea60e485c5e3ccdacceed66d3edfe2c3ca1eb6430ddbb8925c1e26de460ef
                                                                                                                                                                • Instruction Fuzzy Hash: 2551E372B047818AEB018F26F94034E7FA0F795BACF444311EE6A87B99DB79C441C796
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • free.LIBCMT ref: 666A9168
                                                                                                                                                                  • Part of subcall function 666A8F58: _errno.LIBCMT ref: 666A8F78
                                                                                                                                                                  • Part of subcall function 666A8F58: _invalid_parameter_noinfo.LIBCMT ref: 666A8F83
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfofree
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2346782973-0
                                                                                                                                                                • Opcode ID: 48b6c4f4104a8c3bba07f4fed0dc1f61901c14cbc9a57ff9ab579915224d902d
                                                                                                                                                                • Instruction ID: 8e04a0b43900719b34808c869c849ad8e222961f2b7add51a7315314e6650cd5
                                                                                                                                                                • Opcode Fuzzy Hash: 48b6c4f4104a8c3bba07f4fed0dc1f61901c14cbc9a57ff9ab579915224d902d
                                                                                                                                                                • Instruction Fuzzy Hash: 47414462734B8885EE04CF26F90416D7AA4BB55FDCB5447219E6E07B94EF3CC800C308
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$CurrentThread_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 320356786-0
                                                                                                                                                                • Opcode ID: 43bee6d2c3f05a5cfc05c9ff26735e30b463ad92b6c8e260968d4d321f6aa8b0
                                                                                                                                                                • Instruction ID: 5eff8673d8c259b32ee6eec5b09fc8d7063b56b08a09af44f7750194146cdbe7
                                                                                                                                                                • Opcode Fuzzy Hash: 43bee6d2c3f05a5cfc05c9ff26735e30b463ad92b6c8e260968d4d321f6aa8b0
                                                                                                                                                                • Instruction Fuzzy Hash: BF31D332A087C09AEB155F6AF94134D7EA0A7D6B84F058165CB068B752DBB8CC52C36B
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                                • Opcode ID: a789630c19ee3fb5b3f2ea17bdf994872909d4c42dc779d1ef14e53421ffad09
                                                                                                                                                                • Instruction ID: 9836b058cf295521eea55926fa4b2a16284d096b46fc76ae8eaed20a4935c045
                                                                                                                                                                • Opcode Fuzzy Hash: a789630c19ee3fb5b3f2ea17bdf994872909d4c42dc779d1ef14e53421ffad09
                                                                                                                                                                • Instruction Fuzzy Hash: D7310676A0874089EB208F66FA0410D7F60FB957F8F614321DF64877A8CBB8C010E716
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                                • Opcode ID: bea420004228cc6377e12bdb90b4f32301daa5ee8304c18565c53671c1c411ce
                                                                                                                                                                • Instruction ID: 5c5b8750fad5563806da1be09fa325101486e31ba396615cc5e8c09012d62d84
                                                                                                                                                                • Opcode Fuzzy Hash: bea420004228cc6377e12bdb90b4f32301daa5ee8304c18565c53671c1c411ce
                                                                                                                                                                • Instruction Fuzzy Hash: F531F3B2908B4089EE208F66F90024DBF61E75ABE8F504311DF69977E4CB38C850C76A
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 666501B9
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 666501C2
                                                                                                                                                                • DuplicateHandle.KERNEL32 ref: 666501EB
                                                                                                                                                                • GetLastError.KERNEL32 ref: 666501F5
                                                                                                                                                                  • Part of subcall function 666440A8: std::exception::exception.LIBCMT ref: 666440C8
                                                                                                                                                                  • Part of subcall function 666A1470: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,666A8E5E), ref: 666A14EB
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 666502B9
                                                                                                                                                                • TlsGetValue.KERNEL32 ref: 666502F3
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CurrentProcessstd::exception::exception$DuplicateErrorExceptionHandleLastRaiseValue
                                                                                                                                                                • String ID: eventObject
                                                                                                                                                                • API String ID: 296986234-1680012138
                                                                                                                                                                • Opcode ID: 350beee8a953665c5057aaa2949b0634cf02684f7d912e5d8c37aebf2728edcc
                                                                                                                                                                • Instruction ID: f3c4cd8ee24473f7c13bef6b7f606e438ead13ea8337cabb9944814e4f5c563d
                                                                                                                                                                • Opcode Fuzzy Hash: 350beee8a953665c5057aaa2949b0634cf02684f7d912e5d8c37aebf2728edcc
                                                                                                                                                                • Instruction Fuzzy Hash: 5D41BE36605B8582DB10CF15F844399B7B2FB98BD8F408226DB9D43B68DF7AC569C740
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _getptd.LIBCMT ref: 6665FE3A
                                                                                                                                                                  • Part of subcall function 666620F0: _amsg_exit.LIBCMT ref: 66662106
                                                                                                                                                                • _getptd.LIBCMT ref: 6665FE4C
                                                                                                                                                                • _getptd.LIBCMT ref: 6665FE5D
                                                                                                                                                                • _getptd.LIBCMT ref: 6665FE75
                                                                                                                                                                  • Part of subcall function 666A8DBC: malloc.LIBCMT ref: 666A8DD6
                                                                                                                                                                • _getptd.LIBCMT ref: 6665FEA7
                                                                                                                                                                  • Part of subcall function 6665F4BC: EncodePointer.KERNEL32 ref: 6665F5B9
                                                                                                                                                                  • Part of subcall function 6665F4BC: malloc.LIBCMT ref: 6665F5DC
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _getptd$malloc$EncodePointer_amsg_exit
                                                                                                                                                                • String ID: MOC$RCC
                                                                                                                                                                • API String ID: 329319875-2084237596
                                                                                                                                                                • Opcode ID: 322f80ab2669c936185ff7441b64d8fe1047131fb066574ed8d8b56affc7d1c2
                                                                                                                                                                • Instruction ID: 8e33c35a0a0168b7d3c1570acee558f3e66edc89e28dd2bd250f50339e9db8e9
                                                                                                                                                                • Opcode Fuzzy Hash: 322f80ab2669c936185ff7441b64d8fe1047131fb066574ed8d8b56affc7d1c2
                                                                                                                                                                • Instruction Fuzzy Hash: 6B319032219B8082E7118B29F95126D7BA5F7C5FA8F158225EF9947B94CF3CC461CF81
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Name::operator=
                                                                                                                                                                • String ID: (/mf$0/mf$@/mf$P/mf$`/mf$p/mf
                                                                                                                                                                • API String ID: 1538788546-1615373417
                                                                                                                                                                • Opcode ID: f9db023bffd26f2d8e76c42279038bdcf71ca145a3128bbddb180299d8a981f0
                                                                                                                                                                • Instruction ID: f8612071a5bc38e986b320558807e06f8d96bd3398c7138cd51a1baf0711c7b6
                                                                                                                                                                • Opcode Fuzzy Hash: f9db023bffd26f2d8e76c42279038bdcf71ca145a3128bbddb180299d8a981f0
                                                                                                                                                                • Instruction Fuzzy Hash: 392198B1A58B44C1EB158B1DF88136A77A3E796B84F048905E9549776CD73ACCA0C740
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                                • Opcode ID: a08da7564c0700543306c435819ecaefdc7db552cbba1dd64ea677e72fa035b0
                                                                                                                                                                • Instruction ID: 45270e8a27a66cac3b4bc104d00f354108ec86a03ba06b40c816c155c735f184
                                                                                                                                                                • Opcode Fuzzy Hash: a08da7564c0700543306c435819ecaefdc7db552cbba1dd64ea677e72fa035b0
                                                                                                                                                                • Instruction Fuzzy Hash: A2712C62B093D086E7028FB9F9542AC3F20A711BA8F08461DCEB527789DB75CC56C375
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                                • Opcode ID: c2a6779cc7d47e32d191963a63047eae1dada1a27312d0b659ee8b87b3ad127a
                                                                                                                                                                • Instruction ID: ba47be6ca60e70afc13c56cd1ddbdc8c45c317d2eb762671d51f1d7fbe36f2fa
                                                                                                                                                                • Opcode Fuzzy Hash: c2a6779cc7d47e32d191963a63047eae1dada1a27312d0b659ee8b87b3ad127a
                                                                                                                                                                • Instruction Fuzzy Hash: A7512472B053909BEB028F36F9542AD2F34B701B9CF148629CE655BB9DD734C096C3A2
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _fileno
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 467780811-0
                                                                                                                                                                • Opcode ID: 0282544ad22641c65687f14427829d34fb466da75a6df85f6bead54e9d9b7b46
                                                                                                                                                                • Instruction ID: f652a75becb0ba10cc0ba3d6d275280bb7df3b4bc1fed6a6ad09feaa548b77ff
                                                                                                                                                                • Opcode Fuzzy Hash: 0282544ad22641c65687f14427829d34fb466da75a6df85f6bead54e9d9b7b46
                                                                                                                                                                • Instruction Fuzzy Hash: B4510632A18A8582DB348B26FA8432D7F60F7857A9F144215DF79577D0DB38C8B2C791
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2959964966-0
                                                                                                                                                                • Opcode ID: 7056d3ecab7ea9079a7b2d49ca962320d58231e67237115bcc16272402aaa722
                                                                                                                                                                • Instruction ID: e15da18f08ef7ed5a39bd7b21d0d10bbf0588590e3b85b33f96f015e2035831b
                                                                                                                                                                • Opcode Fuzzy Hash: 7056d3ecab7ea9079a7b2d49ca962320d58231e67237115bcc16272402aaa722
                                                                                                                                                                • Instruction Fuzzy Hash: BA512232B14BC09AEB208F25F88029D7FB5F715BA8F144705DE690BBA9DB34D069C745
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __doserrno_errno_lseek_nolock
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3948042459-0
                                                                                                                                                                • Opcode ID: 3b60aa6ff9b77e2df270921a83d2b99f7cbea908284103e46c61e793520a0cbd
                                                                                                                                                                • Instruction ID: 1a8f4fcfd80b8962d09b22647c5c0b1d6b6a93021b98d3b70364000de2fbfc6b
                                                                                                                                                                • Opcode Fuzzy Hash: 3b60aa6ff9b77e2df270921a83d2b99f7cbea908284103e46c61e793520a0cbd
                                                                                                                                                                • Instruction Fuzzy Hash: F9113B3331434046E7055F6BFD5135D7E12A781B69F465204DF298B3E2DBB88C51CBA6
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _FF_MSGBANNER.LIBCMT ref: 6666167B
                                                                                                                                                                  • Part of subcall function 66661030: _set_error_mode.LIBCMT ref: 66661039
                                                                                                                                                                  • Part of subcall function 66661030: _set_error_mode.LIBCMT ref: 66661048
                                                                                                                                                                  • Part of subcall function 66660DCC: _set_error_mode.LIBCMT ref: 66660E11
                                                                                                                                                                  • Part of subcall function 66660DCC: _set_error_mode.LIBCMT ref: 66660E22
                                                                                                                                                                  • Part of subcall function 66660DCC: GetModuleFileNameW.KERNEL32 ref: 66660E84
                                                                                                                                                                  • Part of subcall function 66660944: ExitProcess.KERNEL32 ref: 66660953
                                                                                                                                                                  • Part of subcall function 666A8A90: malloc.LIBCMT ref: 666A8ABB
                                                                                                                                                                  • Part of subcall function 666A8A90: Sleep.KERNEL32(?,?,?,666616B5,?,?,?,66661763,?,?,?,?,?,?,00000000,666620BC), ref: 666A8ACE
                                                                                                                                                                • _errno.LIBCMT ref: 666616BD
                                                                                                                                                                • _lock.LIBCMT ref: 666616D1
                                                                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,66661763,?,?,?,?,?,?,00000000,666620BC,?,?,?,66665695), ref: 666616E7
                                                                                                                                                                • free.LIBCMT ref: 666616F4
                                                                                                                                                                • _errno.LIBCMT ref: 666616F9
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,66661763,?,?,?,?,?,?,00000000,666620BC,?,?,?,66665695), ref: 6666171C
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _set_error_mode$CriticalSection_errno$CountExitFileInitializeLeaveModuleNameProcessSleepSpin_lockfreemalloc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 113790786-0
                                                                                                                                                                • Opcode ID: 933b6786d667cc28639707084ca51bcb6e796a003bed8775338c5a155fa9fa0a
                                                                                                                                                                • Instruction ID: 9dec2f36f76181dde27169ff877522888074645f5da4e091d080d5d21b7c73c7
                                                                                                                                                                • Opcode Fuzzy Hash: 933b6786d667cc28639707084ca51bcb6e796a003bed8775338c5a155fa9fa0a
                                                                                                                                                                • Instruction Fuzzy Hash: 45210635A6478082E714AB6BF81075ABF66FB817C8F085538D646C7694CF3DC450C79A
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$AttributesErrorFileLast__doserrno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2953107838-0
                                                                                                                                                                • Opcode ID: 44e8a5bfc5585dea19d37132c0d8019dedfd288e6f7e132648223526bd0d6f45
                                                                                                                                                                • Instruction ID: cd232e63f317680082ffc5b3726f9fb62c823f7c9e0ab5105910e6b2bb5b5691
                                                                                                                                                                • Opcode Fuzzy Hash: 44e8a5bfc5585dea19d37132c0d8019dedfd288e6f7e132648223526bd0d6f45
                                                                                                                                                                • Instruction Fuzzy Hash: 31F08C71A14200CAFB002FB7FD0134C3E625B6136AF050A10DE21DB292DB795C60CAAB
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$AttributesErrorFileLast__doserrno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2953107838-0
                                                                                                                                                                • Opcode ID: 14f6a73c5e0977c9fbc2cb90e3415c11c502771ccc8c8ceec2e017113f2669d9
                                                                                                                                                                • Instruction ID: 6ef5f8f476ed2da8dc7808e198e68aeb81c59032b9aa82857627bf3009631194
                                                                                                                                                                • Opcode Fuzzy Hash: 14f6a73c5e0977c9fbc2cb90e3415c11c502771ccc8c8ceec2e017113f2669d9
                                                                                                                                                                • Instruction Fuzzy Hash: 6BF0AF71A143008AFB002BB7FD5335C3A615F6172BF440650DA61CB2A3CBB84870C667
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FormatTime$freemalloc
                                                                                                                                                                • String ID: a/p$am/pm
                                                                                                                                                                • API String ID: 1270501263-3206640213
                                                                                                                                                                • Opcode ID: f72c1e3d8ff80aceac853f1bcadd32cec8641505b0ff4ce25682adc280e32fd5
                                                                                                                                                                • Instruction ID: 829331d033ca7d059c6ccfa28bc67f4952272c79d6b073ca2bfe43a63c41afca
                                                                                                                                                                • Opcode Fuzzy Hash: f72c1e3d8ff80aceac853f1bcadd32cec8641505b0ff4ce25682adc280e32fd5
                                                                                                                                                                • Instruction Fuzzy Hash: F5C1E032A14BC3C6EB14CF29F5446A93361FF15B99F808316EE2887B98EB39C951C741
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1294909896-0
                                                                                                                                                                • Opcode ID: ec1afa31f57c1075b5ce377b1345574f7a4df12b1d1285a48070c98d7792a6c6
                                                                                                                                                                • Instruction ID: 952b3d16dffc19c57a0beab38ac8dfede0d4672b4395af00774118daf1e8481e
                                                                                                                                                                • Opcode Fuzzy Hash: ec1afa31f57c1075b5ce377b1345574f7a4df12b1d1285a48070c98d7792a6c6
                                                                                                                                                                • Instruction Fuzzy Hash: D8C19132704B94D9DB20CB62F484A9E7BA4F799788F804526CF9D53714EF79C22AC784
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 6665AEB8
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 6665B056
                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 6665B09A
                                                                                                                                                                • VirtualProtect.KERNEL32 ref: 6665B1AD
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 6665B1CB
                                                                                                                                                                  • Part of subcall function 6665B1F4: WaitForMultipleObjects.KERNEL32 ref: 6665B27C
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CurrentThreadstd::exception::exception$MultipleObjectsProtectVirtualWait
                                                                                                                                                                • String ID: pContext
                                                                                                                                                                • API String ID: 867383853-2046700901
                                                                                                                                                                • Opcode ID: f26a7383001d32b3c2f742e033be9d30d687146ec277ad5111334bc384e3dcf2
                                                                                                                                                                • Instruction ID: 8b49a3fbcf08741534595ae05851f9075b8c5ab6a87a85a6c61716699fe988c6
                                                                                                                                                                • Opcode Fuzzy Hash: f26a7383001d32b3c2f742e033be9d30d687146ec277ad5111334bc384e3dcf2
                                                                                                                                                                • Instruction Fuzzy Hash: 07918E32608B8596DF20DF25F451399BB71FB84B88F954012EB9E07B28DF7AC56AC350
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo$_strnset_s
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3018319934-0
                                                                                                                                                                • Opcode ID: 19da2d5d348126c6781ee4916a2ce855d6b368bfbdc1d0b87b9cc321372ca467
                                                                                                                                                                • Instruction ID: bdc3030604d52e56117f2cf875d6b441c7871852b7220af073701cfc8f3a46c4
                                                                                                                                                                • Opcode Fuzzy Hash: 19da2d5d348126c6781ee4916a2ce855d6b368bfbdc1d0b87b9cc321372ca467
                                                                                                                                                                • Instruction Fuzzy Hash: CA712562A443D089EB068FB6F9406AD7F78BB51B88F04911CDE653B668E734C891C3F1
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo$_strnset_s
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3018319934-0
                                                                                                                                                                • Opcode ID: 03d2998ce04b39fe646234e0d2cbbb0902dbafd98ef9a2030c480a710281c5a8
                                                                                                                                                                • Instruction ID: 3a48c39e5883813164d458d6cf3b61e8a9000d9e409eee6a67ee4248614bd19b
                                                                                                                                                                • Opcode Fuzzy Hash: 03d2998ce04b39fe646234e0d2cbbb0902dbafd98ef9a2030c480a710281c5a8
                                                                                                                                                                • Instruction Fuzzy Hash: 656128B2E197909AEB028BBAF50026C3E60B711B8CF04861DDE65BB648D775C841C3B5
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • QueryDepthSList.KERNEL32(?,?,?,?,?,?,?,?,6664F2DD), ref: 6664F47A
                                                                                                                                                                • InterlockedPushEntrySList.KERNEL32(?,?,?,?,?,?,?,?,6664F2DD), ref: 6664F495
                                                                                                                                                                • QueryDepthSList.KERNEL32(?,?,?,?,?,?,?,?,6664F2DD), ref: 6664F49F
                                                                                                                                                                • InterlockedFlushSList.KERNEL32(?,?,?,?,?,?,?,?,6664F2DD), ref: 6664F4D4
                                                                                                                                                                • InterlockedPushEntrySList.KERNEL32(?,?,?,?,?,?,?,?,6664F2DD), ref: 6664F4FA
                                                                                                                                                                • TlsFree.KERNEL32(?,?,?,?,?,?,?,?,6664F2DD), ref: 6664F548
                                                                                                                                                                • InterlockedPopEntrySList.KERNEL32(?,?,?,?,?,?,?,?,6664F2DD), ref: 6664F5DD
                                                                                                                                                                  • Part of subcall function 666543CC: InterlockedFlushSList.KERNEL32 ref: 666543E3
                                                                                                                                                                  • Part of subcall function 666543CC: InterlockedFlushSList.KERNEL32 ref: 66654414
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: List$Interlocked$EntryFlush$DepthPushQuery$Free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3985742171-0
                                                                                                                                                                • Opcode ID: a513889d92382b1447f7de881cf64cb007bdca829629ab5f24aa2c0bc79126a3
                                                                                                                                                                • Instruction ID: bf42ac2772be9c4493604d2c2506062f4df827284de3135e90808d214ac15035
                                                                                                                                                                • Opcode Fuzzy Hash: a513889d92382b1447f7de881cf64cb007bdca829629ab5f24aa2c0bc79126a3
                                                                                                                                                                • Instruction Fuzzy Hash: B371CA32610A809BDB25EF21F94079937B2F7C5B99F008626DF1A47B64DF39D8A1CB40
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountObjectSingleTickWait$CloseHandleReleaseSemaphoreValue
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2463594477-0
                                                                                                                                                                • Opcode ID: b208b46dfab0b08fa96a0cf9e073c7fe55cde0a8637b648a28502c9269e673ae
                                                                                                                                                                • Instruction ID: a42072a47ef639d49bc3c9f299d0de98baf040337184a05119259a7ef9751fc5
                                                                                                                                                                • Opcode Fuzzy Hash: b208b46dfab0b08fa96a0cf9e073c7fe55cde0a8637b648a28502c9269e673ae
                                                                                                                                                                • Instruction Fuzzy Hash: AD510132B24A9097DB089B76F9153AD7761F781FA5F054229CF6947BA0CF39C8A5C380
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 6664E3D5
                                                                                                                                                                  • Part of subcall function 666A1470: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,666A8E5E), ref: 666A14EB
                                                                                                                                                                • InterlockedPopEntrySList.KERNEL32 ref: 6664E406
                                                                                                                                                                • TlsGetValue.KERNEL32 ref: 6664E489
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EntryExceptionInterlockedListRaiseValuestd::exception::exception
                                                                                                                                                                • String ID: proc
                                                                                                                                                                • API String ID: 2218005756-735085620
                                                                                                                                                                • Opcode ID: c0d07d9867c0c85077fc0f04318041a81b08fd9fde93509a6f4975dbfd6f3799
                                                                                                                                                                • Instruction ID: 3d1e642295c2d104a85b24c6627fa535caf8f65563bb4e20346b19ea0a4dcf08
                                                                                                                                                                • Opcode Fuzzy Hash: c0d07d9867c0c85077fc0f04318041a81b08fd9fde93509a6f4975dbfd6f3799
                                                                                                                                                                • Instruction Fuzzy Hash: DE517772700B8487DB14DF25E4443987B71FB89B98F45812ACB9E07720EF3AD868C344
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: write_multi_char$_errno_invalid_parameter_noinfofreewrite_char
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1974454771-0
                                                                                                                                                                • Opcode ID: 3915306a7060ef8bd3d125dd6137a96e38ba3003b3d6b7e067dbb6087dac29ad
                                                                                                                                                                • Instruction ID: e8e092523dde097bcdb7600a3cbebedac3751201ceaa6cdd9095b1dad5d78d96
                                                                                                                                                                • Opcode Fuzzy Hash: 3915306a7060ef8bd3d125dd6137a96e38ba3003b3d6b7e067dbb6087dac29ad
                                                                                                                                                                • Instruction Fuzzy Hash: 5341A272A047969EEB05CA62F54039F7F71BB857ACF08031ADE4917B58DB39C441C784
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6665A088
                                                                                                                                                                  • Part of subcall function 666440A8: std::exception::exception.LIBCMT ref: 666440C8
                                                                                                                                                                  • Part of subcall function 666A1470: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,666A8E5E), ref: 666A14EB
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6665A0CE
                                                                                                                                                                • SetEvent.KERNEL32 ref: 6665A12D
                                                                                                                                                                • Sleep.KERNEL32 ref: 6665A16A
                                                                                                                                                                • Sleep.KERNEL32 ref: 6665A1A1
                                                                                                                                                                • WaitForSingleObject.KERNEL32 ref: 6665A1B4
                                                                                                                                                                • Sleep.KERNEL32 ref: 6665A1EA
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Sleep$ErrorLast$EventExceptionObjectRaiseSingleWaitstd::exception::exception
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4069521859-0
                                                                                                                                                                • Opcode ID: cc0ce11f144d7f33da0d32a194008e5b95eb4d1ded5fda0dbe19138c0165e87c
                                                                                                                                                                • Instruction ID: 995006276460b198f3773a8c4ebda7ff4a2a431228fc13fd6221bfa288fda1cb
                                                                                                                                                                • Opcode Fuzzy Hash: cc0ce11f144d7f33da0d32a194008e5b95eb4d1ded5fda0dbe19138c0165e87c
                                                                                                                                                                • Instruction Fuzzy Hash: AB516E72710B4086EB10DF26FC5135937B2FB88B98F15551ADA4D87668DF3AC866C390
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo$_fileno
                                                                                                                                                                • String ID: @
                                                                                                                                                                • API String ID: 3947385824-2766056989
                                                                                                                                                                • Opcode ID: c522a9dda97ea8f767a958cafb3c1a9874d5dc17132abd03095036772c617502
                                                                                                                                                                • Instruction ID: db95a701e3faeb6afdede6ff87a0c6c0b6325211b596498414de8aa70fbf88d1
                                                                                                                                                                • Opcode Fuzzy Hash: c522a9dda97ea8f767a958cafb3c1a9874d5dc17132abd03095036772c617502
                                                                                                                                                                • Instruction Fuzzy Hash: FC312372A14E4190EF158B2BF8203297E51BB95BA8F14432ADA6BC72E4EB3CC050C352
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 6665F73B
                                                                                                                                                                  • Part of subcall function 666A1470: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,666A8E5E), ref: 666A14EB
                                                                                                                                                                  • Part of subcall function 6669FA94: _getptd.LIBCMT ref: 6669FA98
                                                                                                                                                                • DecodePointer.KERNEL32 ref: 6665F7B7
                                                                                                                                                                • RaiseException.KERNEL32 ref: 6665F85A
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 6665F8A5
                                                                                                                                                                  • Part of subcall function 6669F1F4: std::exception::operator=.LIBCMT ref: 6669F210
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExceptionRaisestd::exception::exception$DecodePointer_getptdstd::exception::operator=
                                                                                                                                                                • String ID: bad exception$csm
                                                                                                                                                                • API String ID: 2308181687-1249633139
                                                                                                                                                                • Opcode ID: 25f5683e5a7b7d17836758188af33820d4208e648678836955e667bb4cdb4321
                                                                                                                                                                • Instruction ID: 39ea36eb6d31afdd6fd47b66499f43f9e237bafcc556bccbee96e6895bf415c6
                                                                                                                                                                • Opcode Fuzzy Hash: 25f5683e5a7b7d17836758188af33820d4208e648678836955e667bb4cdb4321
                                                                                                                                                                • Instruction Fuzzy Hash: 15419036710B8599CB20CF22F8403D87769FB887ACF558612EA6D47B58DF35C5A5C780
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • __doserrno.LIBCMT ref: 666AF533
                                                                                                                                                                • _errno.LIBCMT ref: 666AF53C
                                                                                                                                                                • __doserrno.LIBCMT ref: 666AF593
                                                                                                                                                                • _errno.LIBCMT ref: 666AF61E
                                                                                                                                                                  • Part of subcall function 666ADB88: _lock.LIBCMT ref: 666ADBCC
                                                                                                                                                                  • Part of subcall function 666ADB88: InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,666AD37C,00000400,00000000,?,6666D8F1,?,?,00000000,6667420F), ref: 666ADBE3
                                                                                                                                                                  • Part of subcall function 666ADB88: EnterCriticalSection.KERNEL32(?,?,?,666AD37C,00000400,00000000,?,6666D8F1,?,?,00000000,6667420F), ref: 666ADC0A
                                                                                                                                                                • __doserrno.LIBCMT ref: 666AF668
                                                                                                                                                                • _errno.LIBCMT ref: 666AF66F
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 666AF67A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __doserrno_errno$CriticalSection$CountEnterInitializeSpin_invalid_parameter_noinfo_lock
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 186178385-0
                                                                                                                                                                • Opcode ID: dcb915b078e1395aadf1e2752207fc004f59dea5330a10ca4d032d06c706ae02
                                                                                                                                                                • Instruction ID: 5f1366944ddc8f20229afd150dffbdcb6e194a592b6d256ca9ec8bd5ad9ecf1a
                                                                                                                                                                • Opcode Fuzzy Hash: dcb915b078e1395aadf1e2752207fc004f59dea5330a10ca4d032d06c706ae02
                                                                                                                                                                • Instruction Fuzzy Hash: 9731277170174046EB05EF2AF99032D7E63ABD1768F849324E6158B3A0DF788C52C79B
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2959964966-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: malloc$_amsg_exit_lockfree
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4033630354-3916222277
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _errno.LIBCMT ref: 666AF3EB
                                                                                                                                                                • __doserrno.LIBCMT ref: 666AF3F6
                                                                                                                                                                  • Part of subcall function 666AD9A8: SetStdHandle.KERNEL32(?,?,00000000,666AA624), ref: 666ADA17
                                                                                                                                                                • _close_nolock.LIBCMT ref: 666AF42C
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 666AF431
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 666AF444
                                                                                                                                                                • DuplicateHandle.KERNEL32 ref: 666AF470
                                                                                                                                                                • GetLastError.KERNEL32 ref: 666AF47A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CurrentHandleProcess$DuplicateErrorLast__doserrno_close_nolock_errno
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3621688898-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$LocalTime_invalid_parameter_noinfo
                                                                                                                                                                • String ID: /$/
                                                                                                                                                                • API String ID: 250023431-2523464752
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: freemalloc$_lock
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1444430101-3916222277
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 66652F2F
                                                                                                                                                                  • Part of subcall function 666A1470: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,666A8E5E), ref: 666A14EB
                                                                                                                                                                • EnterCriticalSection.KERNEL32 ref: 66652F5E
                                                                                                                                                                • LeaveCriticalSection.KERNEL32 ref: 66652FE8
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterExceptionLeaveRaisestd::exception::exception
                                                                                                                                                                • String ID: pExecutionResource$'mf$'mf
                                                                                                                                                                • API String ID: 3055179850-4236822093
                                                                                                                                                                • Opcode ID: 575b046a22a18941575a71274cb85b2ebe6194a40475ce52e48a1d115c72170a
                                                                                                                                                                • Instruction ID: 75f850ea00b6e87e48f58a22aba6ca858321bf1d4ba21d80006f95eadbeed308
                                                                                                                                                                • Opcode Fuzzy Hash: 575b046a22a18941575a71274cb85b2ebe6194a40475ce52e48a1d115c72170a
                                                                                                                                                                • Instruction Fuzzy Hash: 8F314776211F8486CB04CF16F84028C77A9F789BD4F984226EB9E47B64DF3AC466C740
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __doserrno_errno
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 921712934-0
                                                                                                                                                                • Opcode ID: 3ddbbc6e0eb3f8fa455fd078bed6959c3b54509a7c1e22cb7ca2128af4e012b8
                                                                                                                                                                • Instruction ID: d98c3c3102e3e31e87783147904d3fab354534a6ec503ceeeaaf5760525ee9e9
                                                                                                                                                                • Opcode Fuzzy Hash: 3ddbbc6e0eb3f8fa455fd078bed6959c3b54509a7c1e22cb7ca2128af4e012b8
                                                                                                                                                                • Instruction Fuzzy Hash: D021F372B1479046E7045F26FC4031D7E12A7C07B9F5587249A36477E5CBB8CC51C7A6
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo$_fileno
                                                                                                                                                                • String ID: @
                                                                                                                                                                • API String ID: 3947385824-2766056989
                                                                                                                                                                • Opcode ID: fb6387043808d982451088f82a302c208931dd3600bea83d454c1d88cdd021fa
                                                                                                                                                                • Instruction ID: 9b765bad5ee9d2bdbcb20597a9452d84274ae1b5f0f25afbb307bc01805ca540
                                                                                                                                                                • Opcode Fuzzy Hash: fb6387043808d982451088f82a302c208931dd3600bea83d454c1d88cdd021fa
                                                                                                                                                                • Instruction Fuzzy Hash: 13210272604E4481DF058B7BFC603293E61AB91BA8F655722DA2BC72E0DF38D421C297
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File_errno$ErrorLastLockSleepUnlock__doserrno_lseek_nolock
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1669973247-0
                                                                                                                                                                • Opcode ID: c3c30741cf38ae592f8619901f123bcaa725cdb907513981ed407a9784a1d4b3
                                                                                                                                                                • Instruction ID: 08bd8a0e1e784cf1ce496083a5698f3120ac64fc7478f43d7ac9067ce873e378
                                                                                                                                                                • Opcode Fuzzy Hash: c3c30741cf38ae592f8619901f123bcaa725cdb907513981ed407a9784a1d4b3
                                                                                                                                                                • Instruction Fuzzy Hash: 5B21DE72B1878086E311AF6BF88031FBA62BBD9794F104625AE6683350CF78C810C782
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __doserrno$_errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2864334240-0
                                                                                                                                                                • Opcode ID: d8e0ac6dc670d48a774e4fffc7259f18e263f5510068d019c50edd44eefcbb79
                                                                                                                                                                • Instruction ID: ffab6f01d57a2efc0f3e048cd73c0a266ddcbef707db4dcf8d1201ab21790b13
                                                                                                                                                                • Opcode Fuzzy Hash: d8e0ac6dc670d48a774e4fffc7259f18e263f5510068d019c50edd44eefcbb79
                                                                                                                                                                • Instruction Fuzzy Hash: DD210E727043C486E7064F66F98132EBE22FB94789F858029EE158B792CB38CC51C75A
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _errno.LIBCMT ref: 666AD471
                                                                                                                                                                • FlushFileBuffers.KERNEL32(?,?,?,6666E3D6,?,?,?,6666E50C,?,?,?,6665E0C4), ref: 666AD4D4
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,6666E3D6,?,?,?,6666E50C,?,?,?,6665E0C4), ref: 666AD4DE
                                                                                                                                                                • __doserrno.LIBCMT ref: 666AD4EE
                                                                                                                                                                • _errno.LIBCMT ref: 666AD4F5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$BuffersErrorFileFlushLast__doserrno
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1845094721-0
                                                                                                                                                                • Opcode ID: 319b6e2d610539583d160c29f35e8f1bf16372b91154b41762b6d3405281c1a6
                                                                                                                                                                • Instruction ID: 7817cd9522c19574bf18e800dfe712b4dbc0ad357cd86b79fe11621b6054b29f
                                                                                                                                                                • Opcode Fuzzy Hash: 319b6e2d610539583d160c29f35e8f1bf16372b91154b41762b6d3405281c1a6
                                                                                                                                                                • Instruction Fuzzy Hash: 2D11E671B047804AEB015F6AFD9036D7E22EB817ACF190228EE164B3A1CF78CC51C769
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __doserrno_errno
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 921712934-0
                                                                                                                                                                • Opcode ID: 27d419bd9464ad508de9173c1e967d7a91fbc2455c8341e4f8a660be97c0e2e9
                                                                                                                                                                • Instruction ID: 4fa166de4e11e5efad8a8d9ed255e1a70a67a81af61f3524fa7de4cd1f0a2781
                                                                                                                                                                • Opcode Fuzzy Hash: 27d419bd9464ad508de9173c1e967d7a91fbc2455c8341e4f8a660be97c0e2e9
                                                                                                                                                                • Instruction Fuzzy Hash: AA112B7360434086E7055F26FC4531D7E11A7D17A5F594624DA658B3E2CBB8CC50C7AB
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _getptd.LIBCMT ref: 6669FC7F
                                                                                                                                                                  • Part of subcall function 666620F0: _amsg_exit.LIBCMT ref: 66662106
                                                                                                                                                                  • Part of subcall function 6669FA94: _getptd.LIBCMT ref: 6669FA98
                                                                                                                                                                • _getptd.LIBCMT ref: 6669FC91
                                                                                                                                                                • _getptd.LIBCMT ref: 6669FC9F
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _getptd$_amsg_exit
                                                                                                                                                                • String ID: MOC$RCC$csm
                                                                                                                                                                • API String ID: 2610988583-2671469338
                                                                                                                                                                • Opcode ID: 253933db3b1a6706f1f0cf5b7cabca6dfb3920ade6308f785932c19a809b9ff8
                                                                                                                                                                • Instruction ID: db5c7015d62c3566bfa2f3e82d24c2b025ae3204223b5acaccb666d5a755d016
                                                                                                                                                                • Opcode Fuzzy Hash: 253933db3b1a6706f1f0cf5b7cabca6dfb3920ade6308f785932c19a809b9ff8
                                                                                                                                                                • Instruction Fuzzy Hash: 1FE01A36914106CAC7011B61F84139E3EA1F7D8B2AFA7D6719E4482314CBBC84C1DA57
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                                • Opcode ID: 5a3c15a26ab9220f2811d5ac231855edb4e6f25875524a96633800ab2a4dd764
                                                                                                                                                                • Instruction ID: 8cd65ddb1aa792bec950d25f9d9e52d981150142221416f212c1007779f595c2
                                                                                                                                                                • Opcode Fuzzy Hash: 5a3c15a26ab9220f2811d5ac231855edb4e6f25875524a96633800ab2a4dd764
                                                                                                                                                                • Instruction Fuzzy Hash: CC512972F1938085EB128FBAF94029D6F20A75279CF04862DCFB52B795D636C856C372
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,?,?,6665D215), ref: 6665D24C
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 6665D274
                                                                                                                                                                • Sleep.KERNEL32(?,?,?,6665D215), ref: 6665D28D
                                                                                                                                                                • InterlockedPushEntrySList.KERNEL32(?,?,?,6665D215), ref: 6665D2CD
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,?,?,6665D215), ref: 6665D3BE
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,6665D215), ref: 6665D3E1
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ObjectSingleWait$CloseCountEntryHandleInterlockedListPushSleepTick
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1290815868-0
                                                                                                                                                                • Opcode ID: 0685c44eee99dcb6ad3d569bf5b606e07cad6a711856ac0dc3bb5be1fa51103a
                                                                                                                                                                • Instruction ID: e7b72df843e28521a9f1d28362c214cc377f64fc54db3cb683a1e64fe037658c
                                                                                                                                                                • Opcode Fuzzy Hash: 0685c44eee99dcb6ad3d569bf5b606e07cad6a711856ac0dc3bb5be1fa51103a
                                                                                                                                                                • Instruction Fuzzy Hash: 79410D32705680A3DB08DF32F99535EABA1FB85B99F010210DF6A47790DF39D8A6C744
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                                • Opcode ID: b746e54cf023b0451931c02c4fb2e8d1c2b3c7bacdc8cef434f29368ee9e60a0
                                                                                                                                                                • Instruction ID: 35d93686d22df05f07127bb05f6799fe031580181e1f9b44af1f938e2473311e
                                                                                                                                                                • Opcode Fuzzy Hash: b746e54cf023b0451931c02c4fb2e8d1c2b3c7bacdc8cef434f29368ee9e60a0
                                                                                                                                                                • Instruction Fuzzy Hash: 6A41F8B2B0439059FB018F3AEA4439C7F74B751BD8F148129CBA55BB99DB74C086C3A5
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __doserrno_errno
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 921712934-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • UnDecorator::getZName.LIBCMT ref: 666A545E
                                                                                                                                                                • DName::DName.LIBCMT ref: 666A549E
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A54B4
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A54C3
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A54E3
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A54EF
                                                                                                                                                                  • Part of subcall function 666A4C50: DName::operator=.LIBCMT ref: 666A4CE5
                                                                                                                                                                  • Part of subcall function 666A4C50: DName::DName.LIBCMT ref: 666A4D00
                                                                                                                                                                  • Part of subcall function 666A4C50: DName::operator+=.LIBCMT ref: 666A4D15
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Name::operator+=$Name$Name::$Decorator::getName::operator=
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 212298780-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _ctrlfp$_set_exp_umatherr
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3511029064-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo$_fileno_ftbuf
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2434734397-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo$_fileno_ftbuf
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2434734397-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Name::operator+=$NameName::appendName::operator=Node::makeStatus
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 686042019-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: HeapWalk_errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3044651297-0
                                                                                                                                                                • Opcode ID: 7759db5bb478ecb0fff6540d80219948400313eb6f04d48551f31489c82839ac
                                                                                                                                                                • Instruction ID: fca7790e340067e5e19e6fecf2089c612f261ed9d059cfd54d846f8d242035e3
                                                                                                                                                                • Opcode Fuzzy Hash: 7759db5bb478ecb0fff6540d80219948400313eb6f04d48551f31489c82839ac
                                                                                                                                                                • Instruction Fuzzy Hash: BD31C73262C74082F710CB6AF89035D7765FB8579CF245329FA9A87764DB7AC960CB80
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _lock.LIBCMT ref: 666B222F
                                                                                                                                                                  • Part of subcall function 66661740: _amsg_exit.LIBCMT ref: 6666176A
                                                                                                                                                                • _errno.LIBCMT ref: 666B2243
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 666B224F
                                                                                                                                                                  • Part of subcall function 666B0450: GetCurrentProcess.KERNEL32(?,?,?,?,666B04F6), ref: 666B0468
                                                                                                                                                                • calloc.LIBCMT ref: 666B2291
                                                                                                                                                                • _errno.LIBCMT ref: 666B229E
                                                                                                                                                                • _errno.LIBCMT ref: 666B22A9
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$CurrentProcess_amsg_exit_invalid_parameter_noinfo_lockcalloc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1209116363-0
                                                                                                                                                                • Opcode ID: 70d8bffe61029b432c933ef40dc9a2e4ebdcf7ec5b34ebbf5174e3f5a3bb5f63
                                                                                                                                                                • Instruction ID: 107dff499cebdeb3f2f12f94880a366debfc50a5d5f28aab852a28eb7f960aba
                                                                                                                                                                • Opcode Fuzzy Hash: 70d8bffe61029b432c933ef40dc9a2e4ebdcf7ec5b34ebbf5174e3f5a3bb5f63
                                                                                                                                                                • Instruction Fuzzy Hash: 5B21D731715B42C2EB049F56F95022EBEA9BB95BC8F4545289F48CB704DF38D831C319
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseEventHandle$CriticalDeleteFreeSectionVirtual
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2064654181-0
                                                                                                                                                                • Opcode ID: cccd1179d638054a3066fad610aceeffeb224ad76909503856ce64e3ad019acc
                                                                                                                                                                • Instruction ID: 667ae0ffdadf4b9d36b8187837309cf64b3ff2e174f805cccedc227eeb33ada1
                                                                                                                                                                • Opcode Fuzzy Hash: cccd1179d638054a3066fad610aceeffeb224ad76909503856ce64e3ad019acc
                                                                                                                                                                • Instruction Fuzzy Hash: D8315C22710B80A3DB08DB26EA5436C7721FBC4B94F10422ADB6E87764DF75E875C344
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLastModule$CreateFileHandleLibraryLoadNameThread
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 293330511-0
                                                                                                                                                                • Opcode ID: 81cde878fc1db074e732cdf8a8056de300deb3889be58d8c1eda6d3275188686
                                                                                                                                                                • Instruction ID: c597c7a3fdacc661263065e28a2719a8c3122ca0e42a2f7c982e8993e069f8b4
                                                                                                                                                                • Opcode Fuzzy Hash: 81cde878fc1db074e732cdf8a8056de300deb3889be58d8c1eda6d3275188686
                                                                                                                                                                • Instruction Fuzzy Hash: 2421E535B04A8096FB10AB61FC5436AB7A2FB847D5F448026ED4E83668EF7EC426C740
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,666611E7), ref: 666B17D1
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,666611E7), ref: 666B1828
                                                                                                                                                                • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,666611E7), ref: 666B1863
                                                                                                                                                                • free.LIBCMT ref: 666B1870
                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,666611E7), ref: 666B187B
                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,666611E7), ref: 666B1889
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnvironmentStrings$ByteCharFreeMultiWide$free
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 517548149-0
                                                                                                                                                                • Opcode ID: c4741b45173304d28768e3e24e82c501584a1f17181c54fedaa3d71442748595
                                                                                                                                                                • Instruction ID: a9cbc7d3db33b1c6924f32bfdda8eab65e1ee417a7af13240d4ed0692a52639b
                                                                                                                                                                • Opcode Fuzzy Hash: c4741b45173304d28768e3e24e82c501584a1f17181c54fedaa3d71442748595
                                                                                                                                                                • Instruction Fuzzy Hash: F8217C32B19B84D6DB149F62F81025AB7A6FB89BC4F484028EE8A47B54EF79D160C744
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _fileno$_errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1839398362-0
                                                                                                                                                                • Opcode ID: f750f7366740a2871a8e1200a57b0d042e0638c932b7c235d32c3136af0d26b8
                                                                                                                                                                • Instruction ID: bd7df0758ce01cbf063176966e47487a2cae45dd0513062c2565792659dfc8af
                                                                                                                                                                • Opcode Fuzzy Hash: f750f7366740a2871a8e1200a57b0d042e0638c932b7c235d32c3136af0d26b8
                                                                                                                                                                • Instruction Fuzzy Hash: E5110822618A8187CB009B77FE8033D7F21ABC27A8B644711EA67C76D0DF38C8528347
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 6664543B
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 6664544C
                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 66645455
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 6664545E
                                                                                                                                                                • DuplicateHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,66650475), ref: 66645486
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,66650475), ref: 66645490
                                                                                                                                                                  • Part of subcall function 666440A8: std::exception::exception.LIBCMT ref: 666440C8
                                                                                                                                                                  • Part of subcall function 666A1470: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,666A8E5E), ref: 666A14EB
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Current$ProcessThread$DuplicateErrorExceptionHandleLastRaisestd::exception::exception
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2860095299-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,66665695,?,?,?,?,666A8D9D,?,?,?,6669F018), ref: 6666206E
                                                                                                                                                                • FlsGetValue.KERNEL32(?,?,?,66665695,?,?,?,?,666A8D9D,?,?,?,6669F018), ref: 6666207C
                                                                                                                                                                • SetLastError.KERNEL32(?,?,?,66665695,?,?,?,?,666A8D9D,?,?,?,6669F018), ref: 666620D4
                                                                                                                                                                  • Part of subcall function 666A8B14: Sleep.KERNEL32(?,?,?,66662097,?,?,?,66665695,?,?,?,?,666A8D9D), ref: 666A8B59
                                                                                                                                                                • FlsSetValue.KERNEL32(?,?,?,66665695,?,?,?,?,666A8D9D,?,?,?,6669F018), ref: 666620A8
                                                                                                                                                                • free.LIBCMT ref: 666620CB
                                                                                                                                                                  • Part of subcall function 66661FA8: _lock.LIBCMT ref: 66661FFC
                                                                                                                                                                  • Part of subcall function 66661FA8: _lock.LIBCMT ref: 6666201B
                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 666620BC
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLastValue_lock$CurrentSleepThreadfree
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3106088686-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AttributesFile$ErrorLast__doserrno_errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2168707896-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AttributesFile$ErrorLast__doserrno_errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2168707896-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 66662064: GetLastError.KERNEL32(?,?,?,66665695,?,?,?,?,666A8D9D,?,?,?,6669F018), ref: 6666206E
                                                                                                                                                                  • Part of subcall function 66662064: FlsGetValue.KERNEL32(?,?,?,66665695,?,?,?,?,666A8D9D,?,?,?,6669F018), ref: 6666207C
                                                                                                                                                                  • Part of subcall function 66662064: FlsSetValue.KERNEL32(?,?,?,66665695,?,?,?,?,666A8D9D,?,?,?,6669F018), ref: 666620A8
                                                                                                                                                                  • Part of subcall function 66662064: GetCurrentThreadId.KERNEL32 ref: 666620BC
                                                                                                                                                                  • Part of subcall function 66662064: SetLastError.KERNEL32(?,?,?,66665695,?,?,?,?,666A8D9D,?,?,?,6669F018), ref: 666620D4
                                                                                                                                                                  • Part of subcall function 666A8B14: Sleep.KERNEL32(?,?,?,66662097,?,?,?,66665695,?,?,?,?,666A8D9D), ref: 666A8B59
                                                                                                                                                                • _errno.LIBCMT ref: 666778D8
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 666778E3
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLastValue$CurrentSleepThread_errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID: ;$;$JanFebMarAprMayJunJulAugSepOctNovDec
                                                                                                                                                                • API String ID: 1962487656-1313005829
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_fltin2_getptd_invalid_parameter_noinfo
                                                                                                                                                                • String ID: -
                                                                                                                                                                • API String ID: 1607711077-2547889144
                                                                                                                                                                • Opcode ID: 02417f96a12eabefffdb1b2428f29160f285f8d2ac5325a6293e15ea58f4d7e0
                                                                                                                                                                • Instruction ID: 9e4be2dbed6e76bedf4fbe3e36410b1624c716d5853297e6fed9d31525157d9c
                                                                                                                                                                • Opcode Fuzzy Hash: 02417f96a12eabefffdb1b2428f29160f285f8d2ac5325a6293e15ea58f4d7e0
                                                                                                                                                                • Instruction Fuzzy Hash: B7411476508BC0C5E7228F65F45076ABF60FBD6B94F118311EAA917B68DB3CC461CB40
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1452528299-0
                                                                                                                                                                • Opcode ID: 04e7290cbcc8fa2762993de692bcd91749336297de193e30a3ced84b6df21d1e
                                                                                                                                                                • Instruction ID: 9072ad41b799ec7b11c31ab70380bb87b789439b626b76fb79ae872b59b3f8f1
                                                                                                                                                                • Opcode Fuzzy Hash: 04e7290cbcc8fa2762993de692bcd91749336297de193e30a3ced84b6df21d1e
                                                                                                                                                                • Instruction Fuzzy Hash: 3F317050719AC1A0FB005B6AF9113556773AB557A8F090B5AD929073B4CF3BC030C343
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _getptd$ExceptionRaise_amsg_exit
                                                                                                                                                                • String ID: csm
                                                                                                                                                                • API String ID: 4155239085-1018135373
                                                                                                                                                                • Opcode ID: 1796829b4002d180d42b5495d8770936aefbe90281eec0d3728817dbd5b9b326
                                                                                                                                                                • Instruction ID: b1bf0ae5ae7f896ddf7e2683db04b4fa70ee221639ae6d06f7e932cfc77cb3a4
                                                                                                                                                                • Opcode Fuzzy Hash: 1796829b4002d180d42b5495d8770936aefbe90281eec0d3728817dbd5b9b326
                                                                                                                                                                • Instruction Fuzzy Hash: 82214836604785C6C730CF12F05079EBB65F788BA9F014226DFAA03B54CB3AD896CB85
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • DName::DName.LIBCMT ref: 666A8752
                                                                                                                                                                • DName::DName.LIBCMT ref: 666A8764
                                                                                                                                                                  • Part of subcall function 666A3190: DName::doPchar.LIBCMT ref: 666A31C9
                                                                                                                                                                • DName::operator+=.LIBCMT ref: 666A87C2
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: NameName::$Name::doName::operator+=Pchar
                                                                                                                                                                • String ID: void$void
                                                                                                                                                                • API String ID: 1070866305-3746155364
                                                                                                                                                                • Opcode ID: f9badb0bfc2f6b2791a862da9ede80efab077b04b3327335dce83b6a16365146
                                                                                                                                                                • Instruction ID: 929485673617bf8187a4086bdd343dc2f4a1558cc30fc8ef2519067863962b96
                                                                                                                                                                • Opcode Fuzzy Hash: f9badb0bfc2f6b2791a862da9ede80efab077b04b3327335dce83b6a16365146
                                                                                                                                                                • Instruction Fuzzy Hash: 3E219A62B14B94A8EB02CF64FC403EC3B71F759748F844129DE4926629EB3ADDA5C344
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_fileno_flush_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 329365992-3916222277
                                                                                                                                                                • Opcode ID: a88c7bd38749f79237e4043361586f3c449d36b53e1bf1640330cf7b2b6734c2
                                                                                                                                                                • Instruction ID: a73f5f1aa8cdc35ca96ff72438f5345bc17028da2b45c030b813f50178b71a9a
                                                                                                                                                                • Opcode Fuzzy Hash: a88c7bd38749f79237e4043361586f3c449d36b53e1bf1640330cf7b2b6734c2
                                                                                                                                                                • Instruction Fuzzy Hash: 66110862214B4045DF14CF7EFC5122D3E219B91B68F245311D926C71E4DB3DC551C7D9
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,00000000,66651257,?,?,?,66650FC9,?,?,00000001,66651108), ref: 666512A4
                                                                                                                                                                • InterlockedFlushSList.KERNEL32(?,?,00000000,66651257,?,?,?,66650FC9,?,?,00000001,66651108), ref: 6665134C
                                                                                                                                                                • InterlockedFlushSList.KERNEL32(?,?,00000000,66651257,?,?,?,66650FC9,?,?,00000001,66651108), ref: 66651392
                                                                                                                                                                • SetEvent.KERNEL32(?,?,00000000,66651257,?,?,?,66650FC9,?,?,00000001,66651108), ref: 66651424
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,00000000,66651257,?,?,?,66650FC9,?,?,00000001,66651108), ref: 6665142E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseFlushHandleInterlockedList$Event
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2682403456-0
                                                                                                                                                                • Opcode ID: ae73e837cd9386afe00a34148a29bcee4a096fa9df7a1486f64070a3b47b74aa
                                                                                                                                                                • Instruction ID: 16aa22cb745378239b39d9c7c765d12aaa8e763d42f64f9b67d490a3268c5722
                                                                                                                                                                • Opcode Fuzzy Hash: ae73e837cd9386afe00a34148a29bcee4a096fa9df7a1486f64070a3b47b74aa
                                                                                                                                                                • Instruction Fuzzy Hash: 9E515636711B8496DB18DF66E5913ADB721FB88F85F098026CB9E47B24CF39D866C340
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 66661654: _FF_MSGBANNER.LIBCMT ref: 6666167B
                                                                                                                                                                • _lock.LIBCMT ref: 666ADC9E
                                                                                                                                                                • _lock.LIBCMT ref: 666ADCF7
                                                                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,?,?,00000000,00000000,666AA4BC), ref: 666ADD0C
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,?,00000000,00000000,666AA4BC), ref: 666ADD37
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,?,00000000,00000000,666AA4BC), ref: 666ADD47
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$_lock$CountEnterInitializeLeaveSpin
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3451527041-0
                                                                                                                                                                • Opcode ID: 3b722db742a8a5de3ebf38d5235fd5fbc61616b4fc2cb52001ef5aa9efc448e0
                                                                                                                                                                • Instruction ID: 9c07f240be01fe81767be45e4e069cf9d43642d8bcf3157e7f66063221cf55b4
                                                                                                                                                                • Opcode Fuzzy Hash: 3b722db742a8a5de3ebf38d5235fd5fbc61616b4fc2cb52001ef5aa9efc448e0
                                                                                                                                                                • Instruction Fuzzy Hash: 83512872714B8086EB009F25F85039ABBA5F794BACF485229DE6E473D4DF79C865CB00
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                                • Opcode ID: ac97d8d3d01107ba1ac368710fd3671d91f748745e1a5b913ceed7cda1686f2e
                                                                                                                                                                • Instruction ID: ac76c394867541abceb0f7b419c536acdd4c1f7003b59ad9113fabfc50ad7c96
                                                                                                                                                                • Opcode Fuzzy Hash: ac97d8d3d01107ba1ac368710fd3671d91f748745e1a5b913ceed7cda1686f2e
                                                                                                                                                                • Instruction Fuzzy Hash: D14186B2F2824082EF388F2BF45C72D3EA1BB53B85F514115CA2547B54C7B9D660CB81
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                                • Opcode ID: af10c64a609301e79616a3e59d1cae060f6e73c7f7aac21156dfb37a786004fe
                                                                                                                                                                • Instruction ID: f6f0662a0b6271d4c9d24de3bf1ca902148b791ddd842a1db31072eb4cbe4036
                                                                                                                                                                • Opcode Fuzzy Hash: af10c64a609301e79616a3e59d1cae060f6e73c7f7aac21156dfb37a786004fe
                                                                                                                                                                • Instruction Fuzzy Hash: 7C4197F2E2C2C285FB1A4F6BFD107197F5BA7A2B45F019515CA15D7A92C63C8860CB83
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ConsoleInput$EventsNumberPeek__initconinfree
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3212530395-0
                                                                                                                                                                • Opcode ID: e1be57572a9d66bddec9952ea0bb7b2dc8753d4858bf5056e2e57a4a8b65749b
                                                                                                                                                                • Instruction ID: 446eff09d580659cb5c2e35a37f78e0f9e2cb4978e2b69514c7ee0dc215d8ecf
                                                                                                                                                                • Opcode Fuzzy Hash: e1be57572a9d66bddec9952ea0bb7b2dc8753d4858bf5056e2e57a4a8b65749b
                                                                                                                                                                • Instruction Fuzzy Hash: C0418B32A10B909AEF11CF65F8503993762FB40BA8F444716AA7A077E4DB39CD91D350
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,00000000,?,00000004,?,666B4097), ref: 666B3F32
                                                                                                                                                                • malloc.LIBCMT ref: 666B3F96
                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,00000000,?,00000004,?,666B4097), ref: 666B3FDE
                                                                                                                                                                • GetStringTypeW.KERNEL32(?,?,?,00000000,?,00000004,?,666B4097), ref: 666B3FF5
                                                                                                                                                                • free.LIBCMT ref: 666B4009
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ByteCharMultiWide$StringTypefreemalloc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 307345228-0
                                                                                                                                                                • Opcode ID: 002a74b33a8d299ca6535c69e464ffa658966762347faae28487edce9d634f7f
                                                                                                                                                                • Instruction ID: a349e2dcdd1633f0d3bad0364dba4442c470fe51fcb95d36aa4a7d6053559d80
                                                                                                                                                                • Opcode Fuzzy Hash: 002a74b33a8d299ca6535c69e464ffa658966762347faae28487edce9d634f7f
                                                                                                                                                                • Instruction Fuzzy Hash: FF319072710B80DAEB108F65E80068977B9FB88BF8F584216EE2957BD8DF39C8558340
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _ctrlfp.LIBCMT ref: 666C70A1
                                                                                                                                                                • _exception_enabled.LIBCMT ref: 666C70C3
                                                                                                                                                                  • Part of subcall function 666C6FA0: _set_statfp.LIBCMT ref: 666C6FC7
                                                                                                                                                                  • Part of subcall function 666C6FA0: _set_statfp.LIBCMT ref: 666C703A
                                                                                                                                                                • _raise_excf.LIBCMT ref: 666C710F
                                                                                                                                                                • _ctrlfp.LIBCMT ref: 666C715B
                                                                                                                                                                • _ctrlfp.LIBCMT ref: 666C718C
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _ctrlfp$_set_statfp$_exception_enabled_raise_excf
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _ctrlfp.LIBCMT ref: 666C7205
                                                                                                                                                                • _exception_enabled.LIBCMT ref: 666C7228
                                                                                                                                                                  • Part of subcall function 666C6FA0: _set_statfp.LIBCMT ref: 666C6FC7
                                                                                                                                                                  • Part of subcall function 666C6FA0: _set_statfp.LIBCMT ref: 666C703A
                                                                                                                                                                • _raise_exc.LIBCMT ref: 666C7274
                                                                                                                                                                • _ctrlfp.LIBCMT ref: 666C72B4
                                                                                                                                                                • _ctrlfp.LIBCMT ref: 666C72E5
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _ctrlfp$_set_statfp$_exception_enabled_raise_exc
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_fltin2_getptd_invalid_parameter_noinfoiswctype
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo$_getptd
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • DecodePointer.KERNEL32(?,00000001,00000000,666B083D,?,?,?,?,666A8E37), ref: 666B074D
                                                                                                                                                                • DecodePointer.KERNEL32(?,00000001,00000000,666B083D,?,?,?,?,666A8E37), ref: 666B075D
                                                                                                                                                                  • Part of subcall function 666A96B4: _errno.LIBCMT ref: 666A96BD
                                                                                                                                                                  • Part of subcall function 666A96B4: _invalid_parameter_noinfo.LIBCMT ref: 666A96C8
                                                                                                                                                                • EncodePointer.KERNEL32(?,00000001,00000000,666B083D,?,?,?,?,666A8E37), ref: 666B07DB
                                                                                                                                                                  • Part of subcall function 666A8BA0: realloc.LIBCMT ref: 666A8BCB
                                                                                                                                                                  • Part of subcall function 666A8BA0: Sleep.KERNEL32(?,?,00000000,666B07CB,?,00000001,00000000,666B083D,?,?,?,?,666A8E37), ref: 666A8BE7
                                                                                                                                                                • EncodePointer.KERNEL32(?,00000001,00000000,666B083D,?,?,?,?,666A8E37), ref: 666B07EB
                                                                                                                                                                • EncodePointer.KERNEL32(?,00000001,00000000,666B083D,?,?,?,?,666A8E37), ref: 666B07F8
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Pointer$Encode$Decode$Sleep_errno_invalid_parameter_noinforealloc
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _errno.LIBCMT ref: 666B2637
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 666B2643
                                                                                                                                                                  • Part of subcall function 666B0450: GetCurrentProcess.KERNEL32(?,?,?,?,666B04F6), ref: 666B0468
                                                                                                                                                                • calloc.LIBCMT ref: 666B2685
                                                                                                                                                                • _errno.LIBCMT ref: 666B2692
                                                                                                                                                                • _errno.LIBCMT ref: 666B269D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$CurrentProcess_invalid_parameter_noinfocalloc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3848189561-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID: :
                                                                                                                                                                • API String ID: 2819658684-336475711
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID: :
                                                                                                                                                                • API String ID: 2819658684-336475711
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID: :
                                                                                                                                                                • API String ID: 2819658684-336475711
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                • String ID: "$cosh
                                                                                                                                                                • API String ID: 1156100317-3800341493
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 6667C9B8: _getptd.LIBCMT ref: 6667C9CA
                                                                                                                                                                • _errno.LIBCMT ref: 6669DFD0
                                                                                                                                                                • _errno.LIBCMT ref: 6669E003
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 6669E00E
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_getptd_invalid_parameter_noinfo
                                                                                                                                                                • String ID: #
                                                                                                                                                                • API String ID: 2372577547-1885708031
                                                                                                                                                                • Opcode ID: 8133a74de33481b8ceb5758e13120813ef7ed27de11208fe3c25df62bd392b1d
                                                                                                                                                                • Instruction ID: 83187c565d04fc2106bbd1dda72df0bebad90be6a92118ffeb706d7412baf2fb
                                                                                                                                                                • Opcode Fuzzy Hash: 8133a74de33481b8ceb5758e13120813ef7ed27de11208fe3c25df62bd392b1d
                                                                                                                                                                • Instruction Fuzzy Hash: B841A023B11BA589EB02CF75E84069D3BB4F754B9CB085626EE6A57B19CF34C051C391
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EncodePointermalloc
                                                                                                                                                                • String ID: bad allocation$csm
                                                                                                                                                                • API String ID: 4011298729-2003371537
                                                                                                                                                                • Opcode ID: 2fb32110191cd79c7b07c23d120328ba8ddca3237d2f362e2e80a335f6967aa7
                                                                                                                                                                • Instruction ID: c3bf63e16bf65daa3045720f87a9ae920c3cad8b20ce0bad66b299a7f2e2ad7f
                                                                                                                                                                • Opcode Fuzzy Hash: 2fb32110191cd79c7b07c23d120328ba8ddca3237d2f362e2e80a335f6967aa7
                                                                                                                                                                • Instruction Fuzzy Hash: 2841DD72A00B40CADB10CF26F48175D77A4F798B89F518516DB4D87B28DB39C5B2CB80
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CurrentThreadValueswprintf
                                                                                                                                                                • String ID: [%d:%d:%d:%d(%d)]
                                                                                                                                                                • API String ID: 3453547420-3832470304
                                                                                                                                                                • Opcode ID: 8e412c0397156738b8be3bc34bdb06a4e5d72303a5cadc0c721d1b97e5c955bc
                                                                                                                                                                • Instruction ID: ed8e39b60685486e7d5960b2d57913c18de9176b901546196a7af00b4ac8d28f
                                                                                                                                                                • Opcode Fuzzy Hash: 8e412c0397156738b8be3bc34bdb06a4e5d72303a5cadc0c721d1b97e5c955bc
                                                                                                                                                                • Instruction Fuzzy Hash: 1631B032300B508ADB14DF26E8457597BA5FB88FD4F468126EE6A53724DF7AC862C340
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 6664A45B
                                                                                                                                                                  • Part of subcall function 666A1470: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,666A8E5E), ref: 666A14EB
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 6664A49D
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: std::exception::exception$ExceptionRaise
                                                                                                                                                                • String ID: pScheduler$version
                                                                                                                                                                • API String ID: 127205192-3154422776
                                                                                                                                                                • Opcode ID: 290056e2afb8ae586098ba778af8d19811d2dca14c5a9fe664f1bb98bda51f61
                                                                                                                                                                • Instruction ID: 3de0ff18528f05a642ad5d6c9ad44c50a3cbf8e9de472e7443922d34fed79c32
                                                                                                                                                                • Opcode Fuzzy Hash: 290056e2afb8ae586098ba778af8d19811d2dca14c5a9fe664f1bb98bda51f61
                                                                                                                                                                • Instruction Fuzzy Hash: 3D319021708B8692DF14DB58F85029EBB75FB857D8F808226EA9C47BA8EF3DC555C700
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID: A$Z
                                                                                                                                                                • API String ID: 2959964966-4098844585
                                                                                                                                                                • Opcode ID: 0c0cdae60050f44e30f8366b71d67bdc4e4d608330d7a609ee378136ddaeb956
                                                                                                                                                                • Instruction ID: 8b49cd33611cd5c0e8a1fa2774df303f2af16065c765eca1edcc89d1cbd38ab0
                                                                                                                                                                • Opcode Fuzzy Hash: 0c0cdae60050f44e30f8366b71d67bdc4e4d608330d7a609ee378136ddaeb956
                                                                                                                                                                • Instruction Fuzzy Hash: C421F3B3F1439286EB109B25F6401BABAA0F790BD4BD44312EFEA47788D738C551CB56
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 6664F324: QueryDepthSList.KERNEL32(?,?,?,?,?,?,?,?,6664F2DD), ref: 6664F47A
                                                                                                                                                                  • Part of subcall function 6664F324: InterlockedPushEntrySList.KERNEL32(?,?,?,?,?,?,?,?,6664F2DD), ref: 6664F495
                                                                                                                                                                  • Part of subcall function 6664F324: QueryDepthSList.KERNEL32(?,?,?,?,?,?,?,?,6664F2DD), ref: 6664F49F
                                                                                                                                                                • DeleteCriticalSection.KERNEL32 ref: 6664F2E5
                                                                                                                                                                • DeleteCriticalSection.KERNEL32 ref: 6664F2F3
                                                                                                                                                                • ~ListArray.LIBCMT ref: 6664F2FE
                                                                                                                                                                  • Part of subcall function 6664E958: InterlockedFlushSList.KERNEL32 ref: 6664E96F
                                                                                                                                                                  • Part of subcall function 6664E958: InterlockedFlushSList.KERNEL32 ref: 6664E992
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: List$Interlocked$CriticalDeleteDepthFlushQuerySection$ArrayEntryPush
                                                                                                                                                                • String ID: Xdf
                                                                                                                                                                • API String ID: 3921795151-3595313782
                                                                                                                                                                • Opcode ID: cb992a1d8034790c10aa62a8ca82f1cebec671518fb15a026ac12193be1e6b84
                                                                                                                                                                • Instruction ID: f7c53af1ea6e67646e23e0d4941fbc4b4d3b3204446ab0a628516863272bfa53
                                                                                                                                                                • Opcode Fuzzy Hash: cb992a1d8034790c10aa62a8ca82f1cebec671518fb15a026ac12193be1e6b84
                                                                                                                                                                • Instruction Fuzzy Hash: B5F0FE31205B80A3DB10AF61F8543987765EB86779F445321DAAD862F4DF3AC9A9C344
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EntryEventInterlockedListSleepValue
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 269733676-0
                                                                                                                                                                • Opcode ID: 4675c20b68672025b78725f39fb2e5fa131a56fc5689f11eb494c355aee0ed74
                                                                                                                                                                • Instruction ID: 3960cfd435b73c724a07224af5133490c2d64d8cb813597e91b84350f09ab4a2
                                                                                                                                                                • Opcode Fuzzy Hash: 4675c20b68672025b78725f39fb2e5fa131a56fc5689f11eb494c355aee0ed74
                                                                                                                                                                • Instruction Fuzzy Hash: 7C915972B14B8486DB158F2AE5463AD67B0F789F99F068029CE4E47724DF36C8A5C380
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_getptd_invalid_parameter_noinfoiswctype
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2104083562-0
                                                                                                                                                                • Opcode ID: a6e55d4a0ff82af1fe6d45b1126caa4d6b315b495e87971f129b611f735bf034
                                                                                                                                                                • Instruction ID: 5a74d390885d77a4c22b9e6233b9b049f1a14159ce799045651925d85b2e9777
                                                                                                                                                                • Opcode Fuzzy Hash: a6e55d4a0ff82af1fe6d45b1126caa4d6b315b495e87971f129b611f735bf034
                                                                                                                                                                • Instruction Fuzzy Hash: 385156A2E16290A5EF208A36F91136B2590BB00BB5F104B2DDEB6172C4E778C4C4C7F2
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfoiswctype
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 248606491-0
                                                                                                                                                                • Opcode ID: b37a4e42a0f37754b24fcae06cdfaf1952d240cae3f7b75a2b0efe40da887b50
                                                                                                                                                                • Instruction ID: 4c44765fbf3b413aa322b04d0f05ac3ea90196504d61582b1fd7bb8db1bcb1c3
                                                                                                                                                                • Opcode Fuzzy Hash: b37a4e42a0f37754b24fcae06cdfaf1952d240cae3f7b75a2b0efe40da887b50
                                                                                                                                                                • Instruction Fuzzy Hash: 29413773D5662194FB304A3BFA1135B35A1BB85BA9F114D1ECE6146190E778C4C1C6F3
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 666A8DBC: malloc.LIBCMT ref: 666A8DD6
                                                                                                                                                                • InitializeSListHead.KERNEL32 ref: 6664DD92
                                                                                                                                                                • InitializeSListHead.KERNEL32 ref: 6664DD9C
                                                                                                                                                                • InitializeSListHead.KERNEL32 ref: 6664DE9C
                                                                                                                                                                • InitializeSListHead.KERNEL32 ref: 6664DEA9
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: HeadInitializeList$malloc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1846274232-0
                                                                                                                                                                • Opcode ID: 09737e4875840acf759cc6d2dd6b7c46040c4068539c3d5c4d397246791607b3
                                                                                                                                                                • Instruction ID: 49b571bcbc1e8270b93bd0989c1ce40bd3077231bfaae26231c847d8afeb8528
                                                                                                                                                                • Opcode Fuzzy Hash: 09737e4875840acf759cc6d2dd6b7c46040c4068539c3d5c4d397246791607b3
                                                                                                                                                                • Instruction Fuzzy Hash: 3F617B72701B84ABD749DF29EA44789BBA4F788B84F448129CBAD47360DF34E476C744
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_fileno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3179357039-0
                                                                                                                                                                • Opcode ID: 0ba1e478f22c78a0c12f78685aecdc13367e6f3c6cde09c2ae2b7218a1f58790
                                                                                                                                                                • Instruction ID: 0058e0f0cdc2f4abc74bccb3f80aaf16fef54bf88f2e12d69b4565967f012a0f
                                                                                                                                                                • Opcode Fuzzy Hash: 0ba1e478f22c78a0c12f78685aecdc13367e6f3c6cde09c2ae2b7218a1f58790
                                                                                                                                                                • Instruction Fuzzy Hash: DB41EC36A047848AEB148E6BF8403497BA6F7C5B88F158105CE5597398CB38C891CBD3
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 6667C9B8: _getptd.LIBCMT ref: 6667C9CA
                                                                                                                                                                • _errno.LIBCMT ref: 666BE6DE
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 666BE6E8
                                                                                                                                                                • _errno.LIBCMT ref: 666BE70C
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 666BE716
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo$_getptd
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1297830140-0
                                                                                                                                                                • Opcode ID: 90387319a6deea1b9078bb54e8312ce0b444f73ee487a531a176097275950fa5
                                                                                                                                                                • Instruction ID: 3bdc9d48b33bc60c74d1b74de872dc8638ae9203dc74136cde56e5fb119bcded
                                                                                                                                                                • Opcode Fuzzy Hash: 90387319a6deea1b9078bb54e8312ce0b444f73ee487a531a176097275950fa5
                                                                                                                                                                • Instruction Fuzzy Hash: 15412072618BC4CAD711CF25F98425E7FA0F784BD4F048162DB8A47B16EB78D066C745
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • EnterCriticalSection.KERNEL32 ref: 666524C7
                                                                                                                                                                • LeaveCriticalSection.KERNEL32 ref: 6665258C
                                                                                                                                                                  • Part of subcall function 666528AC: TlsGetValue.KERNEL32 ref: 666528C8
                                                                                                                                                                • LeaveCriticalSection.KERNEL32 ref: 666525E5
                                                                                                                                                                • SetEvent.KERNEL32 ref: 666525EF
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$Leave$EnterEventValue
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2684762084-0
                                                                                                                                                                • Opcode ID: 88f80baeef4df852fa209ef5790501df1a632f92b306f52c9fb113064e4658ae
                                                                                                                                                                • Instruction ID: cb933bc3b3ae7ec877fef1f56efccdf555cdde5869df0d882e918d029c1981d7
                                                                                                                                                                • Opcode Fuzzy Hash: 88f80baeef4df852fa209ef5790501df1a632f92b306f52c9fb113064e4658ae
                                                                                                                                                                • Instruction Fuzzy Hash: 17417932600B808BDB64CF26F95035ABBB8F784B98F495129EF9A47764DF38E061C704
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2959964966-0
                                                                                                                                                                • Opcode ID: 36a28013d147ec98e09c178db27981f34bfea9d59d89f8f65a76edcb220de536
                                                                                                                                                                • Instruction ID: 5f0c462f9cfcbf3dd9570cd523754a9bd372b4b5ba2cf95f1523a1458484cc30
                                                                                                                                                                • Opcode Fuzzy Hash: 36a28013d147ec98e09c178db27981f34bfea9d59d89f8f65a76edcb220de536
                                                                                                                                                                • Instruction Fuzzy Hash: 973139B162538181DF258F62FC0012EAE55BF057ECF405125FD9BABB54DB39C860C3AA
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                                • Opcode ID: 3b37193fd8c337b5cc9705511b3b24b7cdba70887e82880f4b38ffefe5d16a5f
                                                                                                                                                                • Instruction ID: 8eb930d1779f2dc16e39e5443dbd112cd007a6428a1f63f981f0c99d91719cd8
                                                                                                                                                                • Opcode Fuzzy Hash: 3b37193fd8c337b5cc9705511b3b24b7cdba70887e82880f4b38ffefe5d16a5f
                                                                                                                                                                • Instruction Fuzzy Hash: C931C172B047808AEB018F71E96039D7FA0F755B88F188569DFA847B49DB3DD052CB61
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                                • Opcode ID: 3bba5df7c9a5ae8170955fb29d46434991e32d4b1c530c2b37cd82b0453cf89f
                                                                                                                                                                • Instruction ID: b1e849aa01e1819fbc6a49971f610f8c9f696d06f08d3d16ff7826e2cd57cff6
                                                                                                                                                                • Opcode Fuzzy Hash: 3bba5df7c9a5ae8170955fb29d46434991e32d4b1c530c2b37cd82b0453cf89f
                                                                                                                                                                • Instruction Fuzzy Hash: F931D672A047808AFB418F31E94039D7FA0E795B8CF188559CF954BB85DB79C091CBE1
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _lock.LIBCMT ref: 66671E34
                                                                                                                                                                  • Part of subcall function 66661740: _amsg_exit.LIBCMT ref: 6666176A
                                                                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,?,00000002,6666E2C3), ref: 66671EEC
                                                                                                                                                                • free.LIBCMT ref: 66671F01
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,00000002,6666E2C3), ref: 66671F23
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$CountEnterInitializeSpin_amsg_exit_lockfree
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3786353176-0
                                                                                                                                                                • Opcode ID: bda86f30d83293ca54f0ff26e2cb17e76a45ada60b29be38e037189175ac55c1
                                                                                                                                                                • Instruction ID: 1cd15bbbbe4e32771fddea740274c961943c7584f07c61705505658a90b9d8f0
                                                                                                                                                                • Opcode Fuzzy Hash: bda86f30d83293ca54f0ff26e2cb17e76a45ada60b29be38e037189175ac55c1
                                                                                                                                                                • Instruction Fuzzy Hash: 5B41D576724B8482E7108F26F85032CBB72F794B94F54461ACA594B7B4CF39C461C784
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                                • Opcode ID: 95cedca84f0b827ad0e8ea9efa26340ba4356d1aa31ef34912344bfc6313f597
                                                                                                                                                                • Instruction ID: 1ae3e09978bcc558eb2b890b992069c175178cba0bb4d9616296d1d2765d3e4c
                                                                                                                                                                • Opcode Fuzzy Hash: 95cedca84f0b827ad0e8ea9efa26340ba4356d1aa31ef34912344bfc6313f597
                                                                                                                                                                • Instruction Fuzzy Hash: C6210072B207E08AE7048FA7F55119E7760EB64BC4B14A022EB07E7745FB38C845C74A
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2959964966-0
                                                                                                                                                                • Opcode ID: 37fcf8849d695ca3b340b1cb9d1aa87f1696f9c72735649fecb2532382a65d61
                                                                                                                                                                • Instruction ID: fcdedda8b8da8d308bef33455771a56de694a686b05f5a87f7e9ca6da2414146
                                                                                                                                                                • Opcode Fuzzy Hash: 37fcf8849d695ca3b340b1cb9d1aa87f1696f9c72735649fecb2532382a65d61
                                                                                                                                                                • Instruction Fuzzy Hash: 2431A77261878086EB218B26F94435D7F60E782FE9F184721D6B947AD8DB78D082CB46
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                                • Opcode ID: 67aefcb6c8c0de217b620bbb79b73b3c58349fde19f3a5ba9fef4ba1e4bf48a6
                                                                                                                                                                • Instruction ID: 8515c18ef9adfcdcf3b70b7e7108942d846ab31fd7e984906b265032211d54e3
                                                                                                                                                                • Opcode Fuzzy Hash: 67aefcb6c8c0de217b620bbb79b73b3c58349fde19f3a5ba9fef4ba1e4bf48a6
                                                                                                                                                                • Instruction Fuzzy Hash: 59210472B082C08AE7058B6BF46178D6F91D366784F199022DB46E7743D665CC09CB53
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                                • Opcode ID: 8b40b97763dbe363fd0800401e97d86c307e917b260881eb9b68fd75c99b7896
                                                                                                                                                                • Instruction ID: dd4fd924a42a9482927cef72a705bf3098e3904c88bffe2d099e6a5abe39f1e4
                                                                                                                                                                • Opcode Fuzzy Hash: 8b40b97763dbe363fd0800401e97d86c307e917b260881eb9b68fd75c99b7896
                                                                                                                                                                • Instruction Fuzzy Hash: 37217662B083C099F705CA6BF5603CD6F51E322BC0F05A026CB05E3B87E628C809C783
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_flush_freebuf_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3976920402-0
                                                                                                                                                                • Opcode ID: 9c18806dc4271e2dee164c6e9f62faa7a2a8f12a15910666c700f71ae9c8a1a8
                                                                                                                                                                • Instruction ID: 77f78895e5c067e42926248a24eb9d1d177f368ed06b38b3b93d99f7cf0439e3
                                                                                                                                                                • Opcode Fuzzy Hash: 9c18806dc4271e2dee164c6e9f62faa7a2a8f12a15910666c700f71ae9c8a1a8
                                                                                                                                                                • Instruction Fuzzy Hash: 202105B2A1435181E7248F26F85060EBE64E751BB8F180327DE3583BD4DBB4CC51CB85
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo_lock
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2363482343-0
                                                                                                                                                                • Opcode ID: 9120b9302f2c89b685f1d73db8791a13e99b587e54e44aa5296c885afab4df2b
                                                                                                                                                                • Instruction ID: 8aa19b888c239efdaee1f0b87937b185da92d059d6f8dfc98ff03a65ec258325
                                                                                                                                                                • Opcode Fuzzy Hash: 9120b9302f2c89b685f1d73db8791a13e99b587e54e44aa5296c885afab4df2b
                                                                                                                                                                • Instruction Fuzzy Hash: 2C31A771719A4086E7308F5AF490358FEA2B796744F58072AD669C73E4DB3EC491CB48
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorFileLastType__doserrno_errno
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3102254839-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: List$CloseDepthEntryHandleInterlockedPushQueryValue
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 94243546-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • TlsGetValue.KERNEL32 ref: 666503C6
                                                                                                                                                                • TlsSetValue.KERNEL32(?,?,?,?,?,?,?,6664FBD4,?,?,?,?,?,?,?,66656C64), ref: 6665040D
                                                                                                                                                                  • Part of subcall function 666441FC: std::exception::exception.LIBCMT ref: 66644216
                                                                                                                                                                  • Part of subcall function 666A1470: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,666A8E5E), ref: 666A14EB
                                                                                                                                                                • InterlockedPopEntrySList.KERNEL32(?,?,?,?,?,?,?,6664FBD4,?,?,?,?,?,?,?,66656C64), ref: 6665042A
                                                                                                                                                                • TlsSetValue.KERNEL32(?,?,?,?,?,?,?,6664FBD4,?,?,?,?,?,?,?,66656C64), ref: 66650482
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value$EntryExceptionInterlockedListRaisestd::exception::exception
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2395153271-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2819658684-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _ctrlfp.LIBCMT ref: 666C0387
                                                                                                                                                                • _ctrlfp.LIBCMT ref: 666C03EB
                                                                                                                                                                  • Part of subcall function 666C7CF8: _raise_exc_ex.LIBCMT ref: 666C7D6D
                                                                                                                                                                  • Part of subcall function 666C7CF8: _errcode.LIBCMT ref: 666C7D78
                                                                                                                                                                  • Part of subcall function 666C7CF8: _umatherr.LIBCMT ref: 666C7DA6
                                                                                                                                                                • _ctrlfp.LIBCMT ref: 666C0400
                                                                                                                                                                • _ctrlfp.LIBCMT ref: 666C0425
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _ctrlfp$_errcode_raise_exc_ex_umatherr
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4197427264-0
                                                                                                                                                                • Opcode ID: e1c8189eb4c3cf042f678b99b05e41177f9e2934ee00d0fb27026e22b9eaffb8
                                                                                                                                                                • Instruction ID: c552201708266b9bbd9554165803fb0cb345ffab57d443362d1d879203cfccff
                                                                                                                                                                • Opcode Fuzzy Hash: e1c8189eb4c3cf042f678b99b05e41177f9e2934ee00d0fb27026e22b9eaffb8
                                                                                                                                                                • Instruction Fuzzy Hash: E7112B61A18E818BD6108B39F8500AFDB95EFE53C8F409325F6911BA78CF38D4538B81
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfofeofferror
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3595984924-0
                                                                                                                                                                • Opcode ID: 32275cd2c770c048697bae674568aabc8637d4fe5943f7657b3e5ddebe0f3337
                                                                                                                                                                • Instruction ID: 73f7aa877f40277748d3f5366808e95f2a72c17e1a44a96946594aa290b9f8be
                                                                                                                                                                • Opcode Fuzzy Hash: 32275cd2c770c048697bae674568aabc8637d4fe5943f7657b3e5ddebe0f3337
                                                                                                                                                                • Instruction Fuzzy Hash: DC110832618B4186E7119F27BC1012E7FA5ABD6BA8F180130AE56C7394DF78C411C797
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _ctrlfp_errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1298134450-0
                                                                                                                                                                • Opcode ID: b348efc8c928e5f9016d3835f9cc9bb4171f33d1c2c974f6e0b580462604644c
                                                                                                                                                                • Instruction ID: 8b8c1200ea476f034e3ef28a1ed54530e5714721d7e109c0f5db379281aa2441
                                                                                                                                                                • Opcode Fuzzy Hash: b348efc8c928e5f9016d3835f9cc9bb4171f33d1c2c974f6e0b580462604644c
                                                                                                                                                                • Instruction Fuzzy Hash: 38110D71A14F4189D2214731FD102AFAFA5DFA23DCF419721F9619A674EF29D0A382C7
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _errno.LIBCMT ref: 666A8F78
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 666A8F83
                                                                                                                                                                • _errno.LIBCMT ref: 666A8FBC
                                                                                                                                                                • malloc.LIBCMT ref: 666A8FCC
                                                                                                                                                                  • Part of subcall function 666A8CBC: _FF_MSGBANNER.LIBCMT ref: 666A8CEC
                                                                                                                                                                  • Part of subcall function 666A8CBC: RtlAllocateHeap.NTDLL(?,?,?,666A8AC0,?,?,?,666616B5,?,?,?,66661763), ref: 666A8D11
                                                                                                                                                                  • Part of subcall function 666A8CBC: _errno.LIBCMT ref: 666A8D35
                                                                                                                                                                  • Part of subcall function 666A8CBC: _errno.LIBCMT ref: 666A8D40
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$AllocateHeap_invalid_parameter_noinfomalloc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2904162722-0
                                                                                                                                                                • Opcode ID: d5e138c8a150040311583bb99761ced0aae3c623c6e15b8cba7595babfea84ff
                                                                                                                                                                • Instruction ID: 1766ee255a815d5cef0b5cf17a24726534e8082f374964019fc9d3cf2ef328d4
                                                                                                                                                                • Opcode Fuzzy Hash: d5e138c8a150040311583bb99761ced0aae3c623c6e15b8cba7595babfea84ff
                                                                                                                                                                • Instruction Fuzzy Hash: C501C462B25781A5EE048F12F50018DBAA1AB85BC8F58853C9A5D0BB24EB3CC851C754
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterEventLeaveObjectSingleWait
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4060455350-0
                                                                                                                                                                • Opcode ID: 7ca8ee030e8c51aea62903f1655bab1dd090e062ff7678b1343c36a621b3a562
                                                                                                                                                                • Instruction ID: d9682a1083aa31177cb164821505a88e882b61e6d4b295a0aea9d3011a7ae6f0
                                                                                                                                                                • Opcode Fuzzy Hash: 7ca8ee030e8c51aea62903f1655bab1dd090e062ff7678b1343c36a621b3a562
                                                                                                                                                                • Instruction Fuzzy Hash: 4D218132204A54A3DB00DF17F950319B3B2FB44794F448225EA5E43BA4DF7AC471CB44
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _lock.LIBCMT ref: 666B2E52
                                                                                                                                                                  • Part of subcall function 66661740: _amsg_exit.LIBCMT ref: 6666176A
                                                                                                                                                                • free.LIBCMT ref: 666B2E76
                                                                                                                                                                  • Part of subcall function 666A8D78: RtlRestoreThreadPreferredUILanguages.NTDLL(?,?,?,6669F018,?,?,?,6669F07E,?,?,?,6669F215,?,?,?,6664115E), ref: 666A8D8E
                                                                                                                                                                  • Part of subcall function 666A8D78: _errno.LIBCMT ref: 666A8D98
                                                                                                                                                                  • Part of subcall function 666A8D78: GetLastError.KERNEL32(?,?,?,6669F018,?,?,?,6669F07E,?,?,?,6669F215,?,?,?,6664115E), ref: 666A8DA0
                                                                                                                                                                • _lock.LIBCMT ref: 666B2E91
                                                                                                                                                                • free.LIBCMT ref: 666B2ED7
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _lockfree$ErrorLanguagesLastPreferredRestoreThread_amsg_exit_errno
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2884448985-0
                                                                                                                                                                • Opcode ID: 790319425ebcf8c5ac5f6f8d90ec6e55dcf13e5e6057272a8afba71031f3dc85
                                                                                                                                                                • Instruction ID: ed40f3d3858502e42caedaa4ea4915dfecdd5c864ae7af2bcdbbc245264b55f7
                                                                                                                                                                • Opcode Fuzzy Hash: 790319425ebcf8c5ac5f6f8d90ec6e55dcf13e5e6057272a8afba71031f3dc85
                                                                                                                                                                • Instruction Fuzzy Hash: 78018421603680D5EF059BB7F8A037D7BE99B44B48F485125D61E972A4DF3988A2C32A
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _amsg_exit$_getptd_lockfree
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2148533958-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _lock.LIBCMT ref: 6666DFF4
                                                                                                                                                                  • Part of subcall function 66661740: _amsg_exit.LIBCMT ref: 6666176A
                                                                                                                                                                • fclose.LIBCMT ref: 6666E024
                                                                                                                                                                • DeleteCriticalSection.KERNEL32(?,?,?,?,?,6666D653), ref: 6666E048
                                                                                                                                                                • free.LIBCMT ref: 6666E059
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalDeleteSection_amsg_exit_lockfclosefree
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 594724896-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _getptd.LIBCMT ref: 666B2EFE
                                                                                                                                                                  • Part of subcall function 666620F0: _amsg_exit.LIBCMT ref: 66662106
                                                                                                                                                                  • Part of subcall function 666A8B14: Sleep.KERNEL32(?,?,?,66662097,?,?,?,66665695,?,?,?,?,666A8D9D), ref: 666A8B59
                                                                                                                                                                • _errno.LIBCMT ref: 666B2F1B
                                                                                                                                                                • _lock.LIBCMT ref: 666B2F4E
                                                                                                                                                                • _lock.LIBCMT ref: 666B2F6E
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _lock$Sleep_amsg_exit_errno_getptd
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 511150081-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_fltin2_getptd_invalid_parameter_noinfoiswctype
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2000152385-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • TlsAlloc.KERNEL32 ref: 6664F7E9
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6664F7FA
                                                                                                                                                                  • Part of subcall function 666440A8: std::exception::exception.LIBCMT ref: 666440C8
                                                                                                                                                                  • Part of subcall function 666A1470: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,666A8E5E), ref: 666A14EB
                                                                                                                                                                • TlsAlloc.KERNEL32 ref: 6664F82A
                                                                                                                                                                • GetLastError.KERNEL32 ref: 6664F83B
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocErrorLast$ExceptionRaisestd::exception::exception
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2854767267-0
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _errno.LIBCMT ref: 666A90AF
                                                                                                                                                                • _invalid_parameter_noinfo.LIBCMT ref: 666A90BA
                                                                                                                                                                • _errno.LIBCMT ref: 666A90DC
                                                                                                                                                                • malloc.LIBCMT ref: 666A90EC
                                                                                                                                                                  • Part of subcall function 666A8CBC: _FF_MSGBANNER.LIBCMT ref: 666A8CEC
                                                                                                                                                                  • Part of subcall function 666A8CBC: RtlAllocateHeap.NTDLL(?,?,?,666A8AC0,?,?,?,666616B5,?,?,?,66661763), ref: 666A8D11
                                                                                                                                                                  • Part of subcall function 666A8CBC: _errno.LIBCMT ref: 666A8D35
                                                                                                                                                                  • Part of subcall function 666A8CBC: _errno.LIBCMT ref: 666A8D40
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno$AllocateHeap_invalid_parameter_noinfomalloc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2904162722-0
                                                                                                                                                                • Opcode ID: 1bb12f4a803ed9dbc86ef848eb7122bc9995a8384f80708d1f41b879eeff5a6e
                                                                                                                                                                • Instruction ID: 5585ff60687d468d0e65bc3bfd4f35da7f45f29115c174688d4c80b78f3c2ca4
                                                                                                                                                                • Opcode Fuzzy Hash: 1bb12f4a803ed9dbc86ef848eb7122bc9995a8384f80708d1f41b879eeff5a6e
                                                                                                                                                                • Instruction Fuzzy Hash: 46F0E2B2762B0085EF045F22E85829C7AA4DB15B48F94C7398A5D8B310FB3ACC90C3B5
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                • JanFebMarAprMayJunJulAugSepOctNovDec, xrefs: 66677406
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID: JanFebMarAprMayJunJulAugSepOctNovDec
                                                                                                                                                                • API String ID: 2959964966-2293443934
                                                                                                                                                                • Opcode ID: ce7b2acab1735850eadd7752ddc20c28a277eab8e19d0d533fb2fecf89d4b347
                                                                                                                                                                • Instruction ID: ac1ed87fc607a8d2a06eddb2df81842f7654a953e522d98a6a2afe0e8fc6a008
                                                                                                                                                                • Opcode Fuzzy Hash: ce7b2acab1735850eadd7752ddc20c28a277eab8e19d0d533fb2fecf89d4b347
                                                                                                                                                                • Instruction Fuzzy Hash: 9E7146B37111848FD7198E3CE495BD83F96E3A2305F45C029D6448B766FA3AE509C762
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID: :
                                                                                                                                                                • API String ID: 2959964966-336475711
                                                                                                                                                                • Opcode ID: 8f79f2e3023e68e68a9851275c56662399eebda8b32b11c94a76930b57f86f10
                                                                                                                                                                • Instruction ID: a86efbe16f6ce3383fe0f7deafaa20248906d984bd8577963c86ddc5b9469fa9
                                                                                                                                                                • Opcode Fuzzy Hash: 8f79f2e3023e68e68a9851275c56662399eebda8b32b11c94a76930b57f86f10
                                                                                                                                                                • Instruction Fuzzy Hash: 85512622A19B82E0DE259E66F5103AB6664FF017F4F44472CAE7487AE5DB34C470C345
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                • String ID: !$tanf
                                                                                                                                                                • API String ID: 1156100317-3147098732
                                                                                                                                                                • Opcode ID: ce9e2ac2c153851961975332bd2d58f1304fc7e4e5b3ee0d64d96ec823345e6b
                                                                                                                                                                • Instruction ID: f57879e3f8fa1276f073c90d0fc9fb891dc288c8951a14470db1e25a84ef2829
                                                                                                                                                                • Opcode Fuzzy Hash: ce9e2ac2c153851961975332bd2d58f1304fc7e4e5b3ee0d64d96ec823345e6b
                                                                                                                                                                • Instruction Fuzzy Hash: F681B921E25F4449E6238B77F8707A5D755EFA73C8F00C313B82A75E75EB2A90938605
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                • String ID: "$sinh
                                                                                                                                                                • API String ID: 1156100317-1232919748
                                                                                                                                                                • Opcode ID: 76eb737d2ec5b81678a39a5234d050757fec12ed9d55fba2027a59a8dfe28c5c
                                                                                                                                                                • Instruction ID: f6c86d8a8e3a8e0c10042dab1fcb3f4acc9d0964a88c0d3b1aab23def9387981
                                                                                                                                                                • Opcode Fuzzy Hash: 76eb737d2ec5b81678a39a5234d050757fec12ed9d55fba2027a59a8dfe28c5c
                                                                                                                                                                • Instruction Fuzzy Hash: 2891B072A25F8089D263CB35F8513A67769FFA63D4F10D307E58A32A25DB3AC0978741
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                • String ID: !$tan
                                                                                                                                                                • API String ID: 1156100317-2428968949
                                                                                                                                                                • Opcode ID: f5c6391b546c56aad4298b92cea2025778fce46ca1a3646120365a6d96a14990
                                                                                                                                                                • Instruction ID: 11a671fc4aa324eeac953b4bc9dbda35539867ee2c3c32c315e064335fa414d9
                                                                                                                                                                • Opcode Fuzzy Hash: f5c6391b546c56aad4298b92cea2025778fce46ca1a3646120365a6d96a14990
                                                                                                                                                                • Instruction Fuzzy Hash: A9511A12B25FC489E6238B75F4303B79754EFA73C8F119313A82A35B64EB6E90938645
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _set_statfp.LIBCMT ref: 666C25DE
                                                                                                                                                                  • Part of subcall function 666C71C4: _ctrlfp.LIBCMT ref: 666C7205
                                                                                                                                                                  • Part of subcall function 666C71C4: _exception_enabled.LIBCMT ref: 666C7228
                                                                                                                                                                  • Part of subcall function 666C71C4: _raise_exc.LIBCMT ref: 666C7274
                                                                                                                                                                  • Part of subcall function 666C71C4: _ctrlfp.LIBCMT ref: 666C72B4
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _ctrlfp$_exception_enabled_raise_exc_set_statfp
                                                                                                                                                                • String ID: !$acos
                                                                                                                                                                • API String ID: 945433390-2870037509
                                                                                                                                                                • Opcode ID: a4e61fa93f290a821c72c03b7ab7c68b8e5a087410ec3a6043827d6c84c27d56
                                                                                                                                                                • Instruction ID: 2cf4c05eef14324f7b56490bf7a5935a658b32160e668a10e0365866d762aa65
                                                                                                                                                                • Opcode Fuzzy Hash: a4e61fa93f290a821c72c03b7ab7c68b8e5a087410ec3a6043827d6c84c27d56
                                                                                                                                                                • Instruction Fuzzy Hash: 7D618131A24F8489E213CB34F860366A76DFFA73D4F51930AFD5635E64DB2A80938A44
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _set_statfp.LIBCMT ref: 666C28B2
                                                                                                                                                                  • Part of subcall function 666C7060: _ctrlfp.LIBCMT ref: 666C70A1
                                                                                                                                                                  • Part of subcall function 666C7060: _exception_enabled.LIBCMT ref: 666C70C3
                                                                                                                                                                  • Part of subcall function 666C7060: _raise_excf.LIBCMT ref: 666C710F
                                                                                                                                                                  • Part of subcall function 666C7060: _ctrlfp.LIBCMT ref: 666C715B
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _ctrlfp$_exception_enabled_raise_excf_set_statfp
                                                                                                                                                                • String ID: !$acosf
                                                                                                                                                                • API String ID: 3072139147-101895715
                                                                                                                                                                • Opcode ID: 0a9da5c1462e6e0fc93ae99cd8605cbbf9c636b1d96252f5096e0bc5aee266a9
                                                                                                                                                                • Instruction ID: 59607b8631e44c7fa8eee15dbd8ff61ad7f2ee88666c9ddd36a800806e55e889
                                                                                                                                                                • Opcode Fuzzy Hash: 0a9da5c1462e6e0fc93ae99cd8605cbbf9c636b1d96252f5096e0bc5aee266a9
                                                                                                                                                                • Instruction Fuzzy Hash: 2E51E631E29F8886E213873BF841766B660FFEE380F25D706FD41759B4D72A90959A00
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                • String ID: "$_hypot
                                                                                                                                                                • API String ID: 1156100317-1188193384
                                                                                                                                                                • Opcode ID: 3506d7ecfe6baa079d97831c309bc2c6ac717680b6d523aca7d92f81f69bef0d
                                                                                                                                                                • Instruction ID: fefcecf821237b9aa4c223b663bdee5c8a28675f8c6d9a08376110fb896ebfdf
                                                                                                                                                                • Opcode Fuzzy Hash: 3506d7ecfe6baa079d97831c309bc2c6ac717680b6d523aca7d92f81f69bef0d
                                                                                                                                                                • Instruction Fuzzy Hash: 76510832959F4085DA02CF34F46035AE768EBD77D4F408316FA992AB64EB3CD192C781
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _getptd.LIBCMT ref: 666A1268
                                                                                                                                                                  • Part of subcall function 666620F0: _amsg_exit.LIBCMT ref: 66662106
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _amsg_exit_getptd
                                                                                                                                                                • String ID: csm$csm
                                                                                                                                                                • API String ID: 4217099735-3733052814
                                                                                                                                                                • Opcode ID: 34b889d26ee5eae61f4d05fcc4cf3d9aaec672174071f347c7619a9c80cf9e32
                                                                                                                                                                • Instruction ID: bf2dfdcbbba89b2a6dd6c5172eb04bbe17ec43ef3e4a3f790e3ea8d4d9bb43ce
                                                                                                                                                                • Opcode Fuzzy Hash: 34b889d26ee5eae61f4d05fcc4cf3d9aaec672174071f347c7619a9c80cf9e32
                                                                                                                                                                • Instruction Fuzzy Hash: 8C419F32618780CBCB208F26F55076EFBA4F345B99F048125DE9887B59CB38DCA1CB46
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • RtlPcToFileHeader.KERNEL32 ref: 6665FFE2
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileHeader
                                                                                                                                                                • String ID: bad allocation$csm
                                                                                                                                                                • API String ID: 104395404-2003371537
                                                                                                                                                                • Opcode ID: 85fdfe9c9d8aa921537eb76f9e3dc14a5c614eb48c185f0928743b8e3bf84e6f
                                                                                                                                                                • Instruction ID: e0653b3d5a4acdd93aa2b43f879c0150dc583c727033f7b485cfef2755b52855
                                                                                                                                                                • Opcode Fuzzy Hash: 85fdfe9c9d8aa921537eb76f9e3dc14a5c614eb48c185f0928743b8e3bf84e6f
                                                                                                                                                                • Instruction Fuzzy Hash: 50518E73615B8486DB10CF15F58039AB7A0F7897A8F504225EB8D87B68EF7CC554CB80
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: !$atanf
                                                                                                                                                                • API String ID: 0-1043259411
                                                                                                                                                                • Opcode ID: dc9e4fe0f3815d42bd8d0ed15e94d737edf68527a5fbbe7f91c3f635ba83fa78
                                                                                                                                                                • Instruction ID: 28fe1c1ccdbc5257054f8299aff9e13925943639b1ae4ddb986d0d0bd3cbcfe6
                                                                                                                                                                • Opcode Fuzzy Hash: dc9e4fe0f3815d42bd8d0ed15e94d737edf68527a5fbbe7f91c3f635ba83fa78
                                                                                                                                                                • Instruction Fuzzy Hash: B951B671A25F8089E523CB36F421355AB6AEFA33C5F409703F81A35D75DB6B90538641
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _set_statfp
                                                                                                                                                                • String ID: !$atan
                                                                                                                                                                • API String ID: 1156100317-1342027943
                                                                                                                                                                • Opcode ID: 958abbc88758326410d587425cf9945f38e15f877bc2c99cc9fc0633ac9a1ab7
                                                                                                                                                                • Instruction ID: d5993de79990f8ded85d59ffa8870b9c0e4cfd37bb7b012155e5666eab6e6d41
                                                                                                                                                                • Opcode Fuzzy Hash: 958abbc88758326410d587425cf9945f38e15f877bc2c99cc9fc0633ac9a1ab7
                                                                                                                                                                • Instruction Fuzzy Hash: F351A171A25F908DE6539B38F821352672AFFA23D5F41D307F81B32E21DB6B90638241
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CurrentThreadValue
                                                                                                                                                                • String ID: $Jdf
                                                                                                                                                                • API String ID: 1644696904-3596191149
                                                                                                                                                                • Opcode ID: ab15f80c0339b7629d725edc6bff802809e6e99f4d7f9ee1bab9d18b4d6a0705
                                                                                                                                                                • Instruction ID: 37d9133e4ae31841e8f5d7e723fc7ec664ff6abdc6543796a5463932c3a11966
                                                                                                                                                                • Opcode Fuzzy Hash: ab15f80c0339b7629d725edc6bff802809e6e99f4d7f9ee1bab9d18b4d6a0705
                                                                                                                                                                • Instruction Fuzzy Hash: E2417977615B848BCB80DF26E48164C77B5F788FA8B118216DE5E47758EF76C891C700
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID: B
                                                                                                                                                                • API String ID: 2959964966-1255198513
                                                                                                                                                                • Opcode ID: 5a147a3d8db2e269513c347b73a7227a0971cbd9ffa0c1992ae1ca20bad7da14
                                                                                                                                                                • Instruction ID: f0add568681a7f978b0d6f9275fd54b6e694b498f6329fba8120b162dd2a4588
                                                                                                                                                                • Opcode Fuzzy Hash: 5a147a3d8db2e269513c347b73a7227a0971cbd9ffa0c1992ae1ca20bad7da14
                                                                                                                                                                • Instruction Fuzzy Hash: EB31AE32B10B2089E721DFB5F84459D3FB4F7197A8F554226EE2893B88DB70C462C350
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID: B
                                                                                                                                                                • API String ID: 2959964966-1255198513
                                                                                                                                                                • Opcode ID: 1230038366fb92ddab606a493109dd67b69891ea1cb5b5d65ca7bd89341eba14
                                                                                                                                                                • Instruction ID: 4c2cd60f3e8a4970586d5ad3aa56818b5eda92c7b0940ec719623223a662f1a1
                                                                                                                                                                • Opcode Fuzzy Hash: 1230038366fb92ddab606a493109dd67b69891ea1cb5b5d65ca7bd89341eba14
                                                                                                                                                                • Instruction Fuzzy Hash: EE21D232B24A5088EB218FB5F94098D3F78BB197ACF540321EE3957A98DB34C051C714
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • _set_statfp.LIBCMT ref: 666C15D1
                                                                                                                                                                  • Part of subcall function 666C7060: _ctrlfp.LIBCMT ref: 666C70A1
                                                                                                                                                                  • Part of subcall function 666C7060: _exception_enabled.LIBCMT ref: 666C70C3
                                                                                                                                                                  • Part of subcall function 666C7060: _raise_excf.LIBCMT ref: 666C710F
                                                                                                                                                                  • Part of subcall function 666C7060: _ctrlfp.LIBCMT ref: 666C715B
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _ctrlfp$_exception_enabled_raise_excf_set_statfp
                                                                                                                                                                • String ID: "$_hypotf
                                                                                                                                                                • API String ID: 3072139147-905711854
                                                                                                                                                                • Opcode ID: 61eec8eda8834d2199ae6d692be72c3c9b7e4af91741670d1f387b15c07c1bdd
                                                                                                                                                                • Instruction ID: 0aeb97dedb0c1da881d04a185d3ba4ba715da38a103cd21540c3cbb5072c12c5
                                                                                                                                                                • Opcode Fuzzy Hash: 61eec8eda8834d2199ae6d692be72c3c9b7e4af91741670d1f387b15c07c1bdd
                                                                                                                                                                • Instruction Fuzzy Hash: 1C3108B2D24FC446D522CA32A4106569651FFAB390F509312AD7A35EC8EB2DC0929B01
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID: B
                                                                                                                                                                • API String ID: 2959964966-1255198513
                                                                                                                                                                • Opcode ID: b3edca657b986fe6576e93dfdeac4b7b9c680f23dbe3abfe36423032acb93a32
                                                                                                                                                                • Instruction ID: eab1dc62a8e387593ecab11cbd1b229fa2542a286f784c298de38ac6e847cded
                                                                                                                                                                • Opcode Fuzzy Hash: b3edca657b986fe6576e93dfdeac4b7b9c680f23dbe3abfe36423032acb93a32
                                                                                                                                                                • Instruction Fuzzy Hash: C1218B32B10BA889EB11CF65F84068C3FB4B759B98F580222EE696BB48CB34C851C754
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 6669FC60: _getptd.LIBCMT ref: 6669FC7F
                                                                                                                                                                  • Part of subcall function 6669FC60: _getptd.LIBCMT ref: 6669FC91
                                                                                                                                                                  • Part of subcall function 6669FC60: _getptd.LIBCMT ref: 6669FC9F
                                                                                                                                                                • _getptd.LIBCMT ref: 666CF147
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _getptd
                                                                                                                                                                • String ID: csm$csm
                                                                                                                                                                • API String ID: 3186804695-3733052814
                                                                                                                                                                • Opcode ID: 44e99029c0314a127a7e636971a6c8a4baeb412e12e7fcf577631032ff78f8f5
                                                                                                                                                                • Instruction ID: d7577b3887724f8dce5c2a872abc2b5a56a9c3610dbffb1a6b52ba8d5e1b938c
                                                                                                                                                                • Opcode Fuzzy Hash: 44e99029c0314a127a7e636971a6c8a4baeb412e12e7fcf577631032ff78f8f5
                                                                                                                                                                • Instruction Fuzzy Hash: 43310473A04A44CAD7208F2AE4802893F75F788BAEF961219EA4D4BF19CB71C5C0C785
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID: B
                                                                                                                                                                • API String ID: 2959964966-1255198513
                                                                                                                                                                • Opcode ID: 07cf9375f6ec09581bad511e8b399b258c589d684e19b6de6a6d8de23b7a2b01
                                                                                                                                                                • Instruction ID: c929f5f804f69ba7aff5fe2348c2f5fcb7057ec991c808fcce237050ed8a6be8
                                                                                                                                                                • Opcode Fuzzy Hash: 07cf9375f6ec09581bad511e8b399b258c589d684e19b6de6a6d8de23b7a2b01
                                                                                                                                                                • Instruction Fuzzy Hash: E021B072B10A24D9FB22CFB5F8507CC7F78A7157A8F580226EE1A1BA88DB34C041C350
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _errno_invalid_parameter_noinfo
                                                                                                                                                                • String ID: B
                                                                                                                                                                • API String ID: 2959964966-1255198513
                                                                                                                                                                • Opcode ID: b106a0230a224264ed1b0f60fecaba4bdc0a6c48adaa2b3122a12f54b82e8c6c
                                                                                                                                                                • Instruction ID: d0de275f86b4198715a386502115d301b5df427d347b50bf08b1879612977b45
                                                                                                                                                                • Opcode Fuzzy Hash: b106a0230a224264ed1b0f60fecaba4bdc0a6c48adaa2b3122a12f54b82e8c6c
                                                                                                                                                                • Instruction Fuzzy Hash: 62214872B20B2089EB10CBA6F84069C7FB4B798BD8F580216EE5967B88CB38C451C754
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • QueryDepthSList.KERNEL32 ref: 6665930F
                                                                                                                                                                • InterlockedPushEntrySList.KERNEL32 ref: 6665932C
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: List$DepthEntryInterlockedPushQuery
                                                                                                                                                                • String ID: 'mf
                                                                                                                                                                • API String ID: 3968893850-1658814612
                                                                                                                                                                • Opcode ID: e8fa7c13f2b97c4216050b2e452195e370f23fe7c6c64f66dcbe516ec15ed827
                                                                                                                                                                • Instruction ID: e359951a15fdc1daef2bf1b42a9831850d5f2b5d436b545904728617a7cc9d9b
                                                                                                                                                                • Opcode Fuzzy Hash: e8fa7c13f2b97c4216050b2e452195e370f23fe7c6c64f66dcbe516ec15ed827
                                                                                                                                                                • Instruction Fuzzy Hash: 0001C0B1B146C082EB048F15F08539D7322FB44BC8F864221EA1A47B18CF79C8B6C704
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • CreateTimerQueueTimer.KERNEL32 ref: 666594B7
                                                                                                                                                                Strings
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Timer$CreateQueue
                                                                                                                                                                • String ID: $bad allocation
                                                                                                                                                                • API String ID: 3971536239-1441640566
                                                                                                                                                                • Opcode ID: 671e0e34dbf1f66f73f3b0ff7b74fabb4bb19bc79d7513cc69e3f4cf072d7906
                                                                                                                                                                • Instruction ID: c4b1f8d83d9abfff1b413323425517bf15f05d8593192aef9b541f5f4deaf43b
                                                                                                                                                                • Opcode Fuzzy Hash: 671e0e34dbf1f66f73f3b0ff7b74fabb4bb19bc79d7513cc69e3f4cf072d7906
                                                                                                                                                                • Instruction Fuzzy Hash: 2911307260878592DB10CF25F444389B7B5F78578CFA44116EA9C47B54EB3ACA66CB80
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _lock$_amsg_exit
                                                                                                                                                                • String ID: 7of
                                                                                                                                                                • API String ID: 614513156-1288651110
                                                                                                                                                                • Opcode ID: 8c2cde3a9cbe62e7b2009ab7c79f70d65ba21276279859eeef204f1a7e10b2d8
                                                                                                                                                                • Instruction ID: 1a0961061cfb17a65c93fdc6f3ee7abe90fad3162d5ac20b20d80e51a8fbe7ef
                                                                                                                                                                • Opcode Fuzzy Hash: 8c2cde3a9cbe62e7b2009ab7c79f70d65ba21276279859eeef204f1a7e10b2d8
                                                                                                                                                                • Instruction Fuzzy Hash: 8A019E72202B80C6EB408B6AF8447D97BA5F744B8CF684135CA4D4B3A4CF7AC45BC726
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 6669F938: _getptd.LIBCMT ref: 6669F945
                                                                                                                                                                  • Part of subcall function 6669F938: _getptd.LIBCMT ref: 6669F958
                                                                                                                                                                • _getptd.LIBCMT ref: 666CF1E4
                                                                                                                                                                • _getptd.LIBCMT ref: 666CF1F7
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _getptd
                                                                                                                                                                • String ID: csm
                                                                                                                                                                • API String ID: 3186804695-1018135373
                                                                                                                                                                • Opcode ID: 46aee01aa768634ff5903617f582e95d6395ed3cd39d24d844efbd943bbf04a8
                                                                                                                                                                • Instruction ID: 00de0a48ab102855a9c0d1e5b77bbb789a306a322e4d18d6d1eb2856a8601577
                                                                                                                                                                • Opcode Fuzzy Hash: 46aee01aa768634ff5903617f582e95d6395ed3cd39d24d844efbd943bbf04a8
                                                                                                                                                                • Instruction Fuzzy Hash: 780128B6941A8289CB209F2AEC543A93724FBC5B5EF490236CE4D4BA04DB31C691C786
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: DecodePointerfree
                                                                                                                                                                • String ID: csm
                                                                                                                                                                • API String ID: 2443025543-1018135373
                                                                                                                                                                • Opcode ID: aabb2955891557924d8029dc2b9399808175482ea17e59a74d3797256e9a5bda
                                                                                                                                                                • Instruction ID: eae76a1fad7697b679558e9e06137d6e9ed571c9d174f48eda8bc4d4bc7b2078
                                                                                                                                                                • Opcode Fuzzy Hash: aabb2955891557924d8029dc2b9399808175482ea17e59a74d3797256e9a5bda
                                                                                                                                                                • Instruction Fuzzy Hash: 71F08C63A0230086CF119F26E48271D27A4AFD4F4AB669416CA4D8A330DA32C4E2CA81
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • Concurrency::details::InternalContextBase::~InternalContextBase.LIBCMT ref: 6665C67C
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ContextInternal$BaseBase::~Concurrency::details::
                                                                                                                                                                • String ID: $tdf$`wdf
                                                                                                                                                                • API String ID: 3275300208-1271117318
                                                                                                                                                                • Opcode ID: 75a2c1aee81ba2faf6acea8ab25a5790ae065af0dc1be0dd1ff45697606643d5
                                                                                                                                                                • Instruction ID: 39dc8e58cbb0d6bae94379768d9db4806f1767ecc913d8e2022293cf5329114e
                                                                                                                                                                • Opcode Fuzzy Hash: 75a2c1aee81ba2faf6acea8ab25a5790ae065af0dc1be0dd1ff45697606643d5
                                                                                                                                                                • Instruction Fuzzy Hash: 85E08632704B8096DB058B56F680368776AAF487C4F584021DE5C03B74DF79C9A1C300
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                APIs
                                                                                                                                                                • Concurrency::details::InternalContextBase::~InternalContextBase.LIBCMT ref: 66657FD8
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.1746538376.0000000066641000.00000020.00000001.01000000.00000009.sdmp, Offset: 66640000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.1746494996.0000000066640000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746629781.00000000666D1000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746676688.00000000666F2000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746703958.00000000666F4000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746728701.00000000666F7000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746759192.00000000666FA000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746809213.0000000066702000.00000010.00000001.01000000.00000009.sdmp
                                                                                                                                                                • Associated: 00000001.00000002.1746836294.0000000066706000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_66640000_unpack200.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ContextInternal$BaseBase::~Concurrency::details::
                                                                                                                                                                • String ID: $tdf$`wdf
                                                                                                                                                                • API String ID: 3275300208-1271117318
                                                                                                                                                                • Opcode ID: c3cab98079217739ed3b5ee2a452f82c7e070a0172a1fe06e894a558e62e94cb
                                                                                                                                                                • Instruction ID: 53721ac305ccff6dcec5a17da10034e9309d115e0d636978818f2d7d70d625c2
                                                                                                                                                                • Opcode Fuzzy Hash: c3cab98079217739ed3b5ee2a452f82c7e070a0172a1fe06e894a558e62e94cb
                                                                                                                                                                • Instruction Fuzzy Hash: B6E08631705B4492DB059B55F6903A877A5EB487C4F548021EE5C03B74EF39C8A2C300
                                                                                                                                                                Uniqueness

                                                                                                                                                                Uniqueness Score: -1.00%